CVE-2023-53589

MEDIUM EPSS 4.0%
Published Oct 4, 20258mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 4, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) memory and even crash if the n_channels is large enough to make it run out of the one page allocated for the FW response. Fix that by checking the lengths. Doing a < comparison would be sufficient, but the firmware should be doing it correctly, so check more strictly.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥4.1  –  <5.4.244
linuxlinux_kernel*≥5.5  –  <5.10.181
linuxlinux_kernel*≥5.11  –  <5.15.113
linuxlinux_kernel*≥5.16  –  <6.1.30
linuxlinux_kernel*≥6.2  –  <6.3.4
linuxlinux_kernel6.4any
linuxlinux_kernel6.4any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/05ad5a4d421ce65652fcb24d46b7e273130240d6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/557ba100d8cf3661ff8d71c0b4a2cba8db555ec2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/682b6dc29d98e857e6ca4bbc077c7dc2899b7473
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c176f03350954b795322de0bfe1d7b514db41f45
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d0d39bed9e95f27a246be91c5929254ac043ed30
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e519a404a5bbba37693cb10fa61794a5fce4fd9b
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/05ad5a4d421ce65652fcb24d46b7e273130240d6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/557ba100d8cf3661ff8d71c0b4a2cba8db555ec2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/682b6dc29d98e857e6ca4bbc077c7dc2899b7473
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c176f03350954b795322de0bfe1d7b514db41f45
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d0d39bed9e95f27a246be91c5929254ac043ed30
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e519a404a5bbba37693cb10fa61794a5fce4fd9b
    Patch