CVE-2023-53570

HIGH EPSS 4.7%
Published Oct 4, 20259mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 4, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() nl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the number of MBSSID elements in the nested netlink attribute attrs, which can lead to an integer overflow if a user of the nl80211 interface specifies 256 or more elements in the corresponding attribute in userspace. The integer overflow can lead to a heap buffer overflow as num_elems determines the size of the trailing array in elems, and this array is thereafter written to for each element in attrs. Note that this vulnerability only affects devices with the wiphy->mbssid_max_interfaces member set for the wireless physical device struct in the device driver, and can only be triggered by a process with CAP_NET_ADMIN capabilities. Fix this by checking for a maximum of 255 elements in attrs.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥5.16  –  <6.1.46
linuxlinux_kernel*≥6.2  –  <6.4.11
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/6311071a056272e1e761de8d0305e87cc566f734
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d09f9f255a5f78578deba5454923072bb53b16c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e642eb67b8c10dcce758d549cc81564116e0fa49
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/6311071a056272e1e761de8d0305e87cc566f734
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d09f9f255a5f78578deba5454923072bb53b16c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e642eb67b8c10dcce758d549cc81564116e0fa49
    Patch