CVE-2023-52800 : In the Linux kernel, the following vulnerability has been resolved: wifi: ath11

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only.

Published 2024-05-21 15:31:13

Updated 2025-04-02 15:02:30

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-52800

Linux » Linux Kernel
Versions from including (>=) 5.6 and before (<) 5.10.202
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.140
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.5.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.64
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.6 and before (<) 6.6.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-52800

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-52800

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H	0.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-06
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-52800

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-52800

https://git.kernel.org/stable/c/03ed26935bebf6b6fd8a656490bf3dcc71b72679

wifi: ath11k: fix htt pktlog locking - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/69cede2a5a5f60e3f5602b901b52cb64edd2ea6c

wifi: ath11k: fix htt pktlog locking - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/3a51e6b4da71fdfa43ec006d6abc020f3e22d14e

wifi: ath11k: fix htt pktlog locking - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/e3199b3fac65c9f103055390b6fd07c5cffa5961

wifi: ath11k: fix htt pktlog locking - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/423762f021825b5e57c3d6f01ff96a9ff19cdcd8

wifi: ath11k: fix htt pktlog locking - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/3f77c7d605b29df277d77e9ee75d96e7ad145d2d

wifi: ath11k: fix htt pktlog locking - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2023-52800

Products affected by CVE-2023-52800

Exploit prediction scoring system (EPSS) score for CVE-2023-52800

CVSS scores for CVE-2023-52800

CWE ids for CVE-2023-52800

References for CVE-2023-52800