CVE-2023-52829

wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()

Severity Score

6.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id is extracted from WMI event and could be an unexpected value
in case some errors happen. As a result out-of-bound write may occur to
soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it. This is found during code review. Compile tested only.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: ath12k: corrige una posible escritura fuera de los límites en ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id se extrae del evento WMI y podría ser un valor inesperado en caso de que ocurran algunos errores. Como resultado, puede ocurrir una escritura fuera de los límites en soc->hal_reg_cap. Solucionarlo validando reg_cap.phy_id antes de usarlo. Esto se encuentra durante la revisión del código. Compilación probada únicamente.

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id is extracted from WMI event and could be an unexpected value in case some errors happen. As a result out-of-bound write may occur to soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it. This is found during code review. Compile tested only.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/dfe13eaab043130f90dd3d57c7d88577c04adc97	2023-11-28
https://git.kernel.org/stable/c/4dd0547e8b45faf6f95373be5436b66cde326c0e	2023-11-28
https://git.kernel.org/stable/c/b302dce3d9edea5b93d1902a541684a967f3c63c	2023-09-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.7"		en		Affected