| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123027-CVE-2023-54286-efd5@gregkh> Date: Tue, 30 Dec 2025 13:23:39 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54286: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the iwl_keyinfo.key field. Add a check to not copy more data to iwl_keyinfo.key then will fit. This fixes backtraces like this one: memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16) WARNING: CPU: 1 PID: 946 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x375/0x390 [iwldvm] <snip> Hardware name: Dell Inc. Latitude E6430/0H3MT5, BIOS A21 05/08/2017 RIP: 0010:iwlagn_send_sta_key+0x375/0x390 [iwldvm] <snip> Call Trace: <TASK> iwl_set_dynamic_key+0x1f0/0x220 [iwldvm] iwlagn_mac_set_key+0x1e4/0x280 [iwldvm] drv_set_key+0xa4/0x1b0 [mac80211] ieee80211_key_enable_hw_accel+0xa8/0x2d0 [mac80211] ieee80211_key_replace+0x22d/0x8e0 [mac80211] <snip> The Linux kernel CVE team has assigned CVE-2023-54286 to this issue. Affected and fixed versions =========================== Fixed in 4.14.316 with commit 76b5ea43ad2fb4f726ddfaff839430a706e7d7c2 Fixed in 4.19.284 with commit 3ed3c1c2fc3482b72e755820261779cd2e2c5a3e Fixed in 5.4.244 with commit fa57021262e998e2229d6383b1081638df2fe238 Fixed in 5.10.181 with commit 91ad1ab3cc7e981cb6d6ee100686baed64e1277e Fixed in 5.15.113 with commit 87940e4030e4705e1f3fd2bbb1854eae8308314b Fixed in 6.1.30 with commit 57189c885149825be8eb8c3524b5af017fdeb941 Fixed in 6.3.4 with commit 6cd644f66b43709816561d63e0173cb0c7aab159 Fixed in 6.4 with commit ef16799640865f937719f0771c93be5dca18adc6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54286 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/intel/iwlwifi/dvm/sta.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/76b5ea43ad2fb4f726ddfaff839430a706e7d7c2 https://git.kernel.org/stable/c/3ed3c1c2fc3482b72e755820261779cd2e2c5a3e https://git.kernel.org/stable/c/fa57021262e998e2229d6383b1081638df2fe238 https://git.kernel.org/stable/c/91ad1ab3cc7e981cb6d6ee100686baed64e1277e https://git.kernel.org/stable/c/87940e4030e4705e1f3fd2bbb1854eae8308314b https://git.kernel.org/stable/c/57189c885149825be8eb8c3524b5af017fdeb941 https://git.kernel.org/stable/c/6cd644f66b43709816561d63e0173cb0c7aab159 https://git.kernel.org/stable/c/ef16799640865f937719f0771c93be5dca18adc6
Powered by blists - more mailing lists