CVE-2023-52768

wifi: wilc1000: use vmm_table as array in wilc struct

Severity Score

5.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with
vmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4
Write of size 4 at addr c3a61540 by task wlan0-tx/95 KASAN detects that we are writing data beyond range allocated to vmm_table.
There is indeed a mismatch between the size passed to allocator in
wilc_wlan_init, and the range of possible indexes used later: allocation
size is missing a multiplication by sizeof(u32)

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: wilc1000: use vmm_table como matriz en wilc struct. Al habilitar KASAN y ejecutar algunas pruebas de iperf se generan algunos problemas de memoria con vmm_table: BUG: KASAN: slab-out-of-bounds en wilc_wlan_handle_txq +0x6ac/0xdb4 Escritura de tamaño 4 en la dirección c3a61540 mediante la tarea wlan0-tx/95 KASAN detecta que estamos escribiendo datos más allá del rango asignado a vmm_table. De hecho, existe una discrepancia entre el tamaño pasado al asignador en wilc_wlan_init y el rango de posibles índices utilizados más adelante: al tamaño de la asignación le falta una multiplicación por sizeof(u32)

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with vmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4 Write of size 4 at addr c3a61540 by task wlan0-tx/95 KASAN detects that we are writing data beyond range allocated to vmm_table. There is indeed a mismatch between the size passed to allocator in wilc_wlan_init, and the range of possible indexes used later: allocation size is missing a multiplication by sizeof(u32)

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Multiple

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-04-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/32dd0b22a5ba1dd296ccf2caf46ad44c3a8d5d98	Vuln. Introduced
https://git.kernel.org/stable/c/40b717bfcefab28a0656b8caa5e43d5449e5a671	Vuln. Introduced
https://git.kernel.org/stable/c/5212d958f6518003cd98c9886f8e8aedcfc25741	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8	2023-11-28
https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27	2023-11-28
https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e	2023-11-28
https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c	2023-11-28
https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3	2023-10-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.68 < 5.15.140 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.68 < 5.15.140"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.19.9 Search vendor "Linux" for product "Linux Kernel" and version "5.19.9"		en		Affected