Message-ID: <2025091857-CVE-2023-53384-042e@gregkh>
Date: Thu, 18 Sep 2025 15:34:29 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53384: wifi: mwifiex: avoid possible NULL skb pointer dereference

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

wifi: mwifiex: avoid possible NULL skb pointer dereference

In 'mwifiex_handle_uap_rx_forward()', always check the value
returned by 'skb_copy()' to avoid potential NULL pointer
dereference in 'mwifiex_uap_queue_bridged_pkt()', and drop
original skb in case of copying failure.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

The Linux kernel CVE team has assigned CVE-2023-53384 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 4.14.326 with commit d155c5f64cefacdc6a9a26d40be53ee2903c28ff
	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 4.19.295 with commit 139d285e7695279f030dbb172e2d0245425c86c6
	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 5.4.257 with commit 231086e6a36316b823654f4535653f22d6344420
	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 5.10.195 with commit bef85d58f7709896ed8426560ad117a73a37762f
	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 5.15.132 with commit d7fd24b8d1bb54c5bcf583139e11a5e651e0263c
	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 6.1.53 with commit 7e7197e4d6a1bc72a774590d8765909f898be1dc
	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 6.4.16 with commit 0c57f9ad2c3ed43abb764b0247d610ff7fdb7a00
	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 6.5.3 with commit c2509f7c37355e1f0bd5b7087815b845fd383723
	Issue introduced in 3.7 with commit 838e4f44929782a2163c7bc95a7cd2da5d8b47f9 and fixed in 6.6 with commit 35a7a1ce7c7d61664ee54f5239a1f120ab95a87e

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-53384
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/net/wireless/marvell/mwifiex/uap_txrx.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/d155c5f64cefacdc6a9a26d40be53ee2903c28ff
	https://git.kernel.org/stable/c/139d285e7695279f030dbb172e2d0245425c86c6
	https://git.kernel.org/stable/c/231086e6a36316b823654f4535653f22d6344420
	https://git.kernel.org/stable/c/bef85d58f7709896ed8426560ad117a73a37762f
	https://git.kernel.org/stable/c/d7fd24b8d1bb54c5bcf583139e11a5e651e0263c
	https://git.kernel.org/stable/c/7e7197e4d6a1bc72a774590d8765909f898be1dc
	https://git.kernel.org/stable/c/0c57f9ad2c3ed43abb764b0247d610ff7fdb7a00
	https://git.kernel.org/stable/c/c2509f7c37355e1f0bd5b7087815b845fd383723
	https://git.kernel.org/stable/c/35a7a1ce7c7d61664ee54f5239a1f120ab95a87e
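
The pattern the description names, as a user-space C model added here (not the mwifiex driver's code and not taken from the kernel patch): `pkt_copy()` stands in for `skb_copy()`, and every struct, field and function name is a hypothetical stand-in chosen for illustration.

```c
/* User-space model; all names are hypothetical, not the driver's code. */
#include <stdlib.h>
#include <string.h>

struct pkt { size_t len; unsigned char data[64]; };
struct stats { int rx_dropped, to_host, freed; size_t bridged_bytes; };

static int fail_next_copy;      /* knob: simulate one allocation failure */

/* Like skb_copy(): returns a new buffer, or NULL when allocation fails. */
static struct pkt *pkt_copy(const struct pkt *p)
{
    struct pkt *c;
    if (fail_next_copy) { fail_next_copy = 0; return NULL; }
    c = malloc(sizeof(*c));
    if (c) memcpy(c, p, sizeof(*c));
    return c;
}

static void pkt_free(struct pkt *p, struct stats *st) { st->freed++; free(p); }

/* Consumer that dereferences its argument unconditionally. */
static void queue_bridged(struct pkt *p, struct stats *st)
{
    st->bridged_bytes += p->len;    /* p == NULL faults here */
    pkt_free(p, st);                /* model: transmit completes at once */
}

/* Before: the copy is handed on without looking at the return value. */
int forward_unchecked(struct pkt *p, struct stats *st)
{
    queue_bridged(pkt_copy(p), st);
    st->to_host++;
    pkt_free(p, st);
    return 0;
}

/* After: check the copy; on failure count the drop and free the original. */
int forward_checked(struct pkt *p, struct stats *st)
{
    struct pkt *copy = pkt_copy(p);
    if (!copy) {
        st->rx_dropped++;
        pkt_free(p, st);            /* drop the original, do not leak it */
        return -1;
    }
    queue_bridged(copy, st);
    st->to_host++;
    pkt_free(p, st);
    return 0;
}
```
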
