CVE-2023-53071

MEDIUM EPSS 5.3%
Published May 2, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 2, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76_unregister_device() on unregistered hw Trying to probe a mt7921e pci card without firmware results in a successful probe where ieee80211_register_hw hasn't been called. When removing the driver, ieee802111_unregister_hw is called unconditionally leading to a kernel NULL pointer dereference. Fix the issue running mt76_unregister_device routine just for registered hw.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.18  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.2.9
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/2d34f27714c97a9786a30b3bb54944d6d8ed612f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41130c32f3a18fcc930316da17f3a5f3bc326aa1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dffe86df26aee01a5fc56a175b7a7f157961e370
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2d34f27714c97a9786a30b3bb54944d6d8ed612f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41130c32f3a18fcc930316da17f3a5f3bc326aa1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dffe86df26aee01a5fc56a175b7a7f157961e370
    Patch