CVE-2023-52594
Published: Mar 6, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()

Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case.

Found by a modified version of syzkaller.

UBSAN: array-index-out-of-bounds in htc_drv_txrx.c
index 13 is out of range for type '__wmi_event_txstatus [12]'
Call Trace:
 ath9k_htc_txstatus
 ath9k_wmi_event_tasklet
 tasklet_action_common
 __do_softirq
 irq_exit_rxu
 sysvec_apic_timer_interrupt

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 27876a29de221186c9d5883e5fe5f6da18ef9a45 - < f44f073c78112ff921a220d01b86d09f2ace59bc; affected 27876a29de221186c9d5883e5fe5f6da18ef9a45 - < f11f0fd1ad6c11ae7856d4325fe9d05059767225; affected 27876a29de221186c9d5883e5fe5f6da18ef9a45 - < 84770a996ad8d7f121ff2fb5a8d149aad52d64c1; affected 27876a29de221186c9d5883e5fe5f6da18ef9a45 - < 9003fa9a0198ce004b30738766c67eb7373479c9; affected 27876a29de221186c9d5883e5fe5f6da18ef9a45 - < 25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234; +3 more versions |
| Linux | Linux | affected 3.0; unaffected 0 - < 3.0; unaffected 4.19.307 - <= 4.19.*; unaffected 5.4.269 - <= 5.4.*; unaffected 5.10.210 - <= 5.10.*; +5 more versions |
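
The pattern the description names (a device-supplied count that is checked by a warning but still used as the loop bound) is shown below as an added userspace model; it is not the kernel's code. The struct names and fields are hypothetical stand-ins, and the array size of 12 is taken from the UBSAN report above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HTC_MAX_TX_STATUS 12 /* array size shown in the UBSAN report */

/* Hypothetical, simplified layout of a TX status event from the device. */
struct tx_status_entry { uint8_t cookie, ts_rate, ts_flags; };
struct tx_status_event {
    uint8_t cnt; /* device-controlled: arrives in the URB */
    struct tx_status_entry txstatus[HTC_MAX_TX_STATUS];
};

/* Constructed sample input: an event claiming `cnt` entries, cookies 1..12. */
struct tx_status_event make_event(uint8_t cnt)
{
    struct tx_status_event ev;
    memset(&ev, 0, sizeof(ev));
    ev.cnt = cnt;
    for (int i = 0; i < HTC_MAX_TX_STATUS; i++)
        ev.txstatus[i].cookie = (uint8_t)(i + 1);
    return ev;
}

/* Pre-fix behaviour, modelled without doing the bad read: the warning
 * fires, nothing stops the loop, so it runs to cnt. Returns how many
 * iterations would index past the end of txstatus[]. */
int oob_reads_before_fix(const struct tx_status_event *ev)
{
    int warned = ev->cnt > HTC_MAX_TX_STATUS; /* WARN_ON(): report only */
    (void)warned;
    return ev->cnt > HTC_MAX_TX_STATUS ? ev->cnt - HTC_MAX_TX_STATUS : 0;
}

/* Post-fix behaviour: reject the event before the loop.
 * Returns entries processed, or -1 if the event was dropped. */
int process_txstatus_fixed(const struct tx_status_event *ev, unsigned *cookie_sum)
{
    *cookie_sum = 0;
    if (ev->cnt > HTC_MAX_TX_STATUS)
        return -1;
    for (int i = 0; i < ev->cnt; i++)
        *cookie_sum += ev->txstatus[i].cookie;
    return ev->cnt;
}

int main(void)
{
    struct tx_status_event bad = make_event(14); /* last index would be 13 */
    unsigned sum;
    printf("before fix: %d out-of-bounds reads\n", oob_reads_before_fix(&bad));
    printf("after fix: returns %d\n", process_txstatus_fixed(&bad, &sum));
    return 0;
}
```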