| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100426-CVE-2023-53589-22f7@gregkh> Date: Sat, 4 Oct 2025 17:51:43 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53589: wifi: iwlwifi: mvm: don't trust firmware n_channels From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) memory and even crash if the n_channels is large enough to make it run out of the one page allocated for the FW response. Fix that by checking the lengths. Doing a < comparison would be sufficient, but the firmware should be doing it correctly, so check more strictly. The Linux kernel CVE team has assigned CVE-2023-53589 to this issue. Affected and fixed versions =========================== Issue introduced in 4.1 with commit dcaf9f5ecb6f395152609bdc40660d9b593dca63 and fixed in 5.4.244 with commit e519a404a5bbba37693cb10fa61794a5fce4fd9b Issue introduced in 4.1 with commit dcaf9f5ecb6f395152609bdc40660d9b593dca63 and fixed in 5.10.181 with commit d0d39bed9e95f27a246be91c5929254ac043ed30 Issue introduced in 4.1 with commit dcaf9f5ecb6f395152609bdc40660d9b593dca63 and fixed in 5.15.113 with commit 05ad5a4d421ce65652fcb24d46b7e273130240d6 Issue introduced in 4.1 with commit dcaf9f5ecb6f395152609bdc40660d9b593dca63 and fixed in 6.1.30 with commit 557ba100d8cf3661ff8d71c0b4a2cba8db555ec2 Issue introduced in 4.1 with commit dcaf9f5ecb6f395152609bdc40660d9b593dca63 and fixed in 6.3.4 with commit c176f03350954b795322de0bfe1d7b514db41f45 Issue introduced in 4.1 with commit dcaf9f5ecb6f395152609bdc40660d9b593dca63 and fixed in 6.4 with commit 682b6dc29d98e857e6ca4bbc077c7dc2899b7473 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53589 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/intel/iwlwifi/mvm/nvm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e519a404a5bbba37693cb10fa61794a5fce4fd9b https://git.kernel.org/stable/c/d0d39bed9e95f27a246be91c5929254ac043ed30 https://git.kernel.org/stable/c/05ad5a4d421ce65652fcb24d46b7e273130240d6 https://git.kernel.org/stable/c/557ba100d8cf3661ff8d71c0b4a2cba8db555ec2 https://git.kernel.org/stable/c/c176f03350954b795322de0bfe1d7b514db41f45 https://git.kernel.org/stable/c/682b6dc29d98e857e6ca4bbc077c7dc2899b7473
Powered by blists - more mailing lists