Bug 2401560 (CVE-2023-53570)
| Summary: | CVE-2023-53570 kernel: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
An integer overflow flaw was found in the Linux kernel's nl80211 wireless configuration interface in the MBSSID element parsing logic.
A local user with CAP_NET_ADMIN capability can trigger this issue by specifying 256 or more MBSSID elements through the nl80211 interface, causing the u8 counter num_elems to wrap to zero. This results in a heap buffer overflow when the code allocates space based on the wrapped value but then writes data for all supplied elements, leading to memory corruption and denial of service through kernel crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-10-04 16:07:28 UTC
|