CVE-2023-52768

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with vmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4 Write of size 4 at addr c3a61540 by task wlan0-tx/95 KASAN detects that we are writing data beyond range allocated to vmm_table. There is indeed a mismatch between the size passed to allocator in wilc_wlan_init, and the range of possible indexes used later: allocation size is missing a multiplication by sizeof(u32)

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3	Patch
https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c	Patch
https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27	Patch
https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8	Patch
https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e	Patch
https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3	Patch
https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c	Patch
https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27	Patch
https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8	Patch
https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-05-21 16:15

Updated : 2025-04-02 15:03

NVD link : CVE-2023-52768

Mitre link : CVE-2023-52768

CVE.ORG link : CVE-2023-52768

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-129

Improper Validation of Array Index

{"id": "CVE-2023-52768", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 0.8}]}, "published": "2024-05-21T16:15:15.983", "references": [{"url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: use vmm_table as array in wilc struct\n\nEnabling KASAN and running some iperf tests raises some memory issues with\nvmm_table:\n\nBUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4\nWrite of size 4 at addr c3a61540 by task wlan0-tx/95\n\nKASAN detects that we are writing data beyond range allocated to vmm_table.\nThere is indeed a mismatch between the size passed to allocator in\nwilc_wlan_init, and the range of possible indexes used later: allocation\nsize is missing a multiplication by sizeof(u32)"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: wilc1000: use vmm_table como matriz en wilc struct. Al habilitar KASAN y ejecutar algunas pruebas de iperf se generan algunos problemas de memoria con vmm_table: BUG: KASAN: slab-out-of-bounds en wilc_wlan_handle_txq +0x6ac/0xdb4 Escritura de tama\u00f1o 4 en la direcci\u00f3n c3a61540 mediante la tarea wlan0-tx/95 KASAN detecta que estamos escribiendo datos m\u00e1s all\u00e1 del rango asignado a vmm_table. De hecho, existe una discrepancia entre el tama\u00f1o pasado al asignador en wilc_wlan_init y el rango de posibles \u00edndices utilizados m\u00e1s adelante: al tama\u00f1o de la asignaci\u00f3n le falta una multiplicaci\u00f3n por sizeof(u32)"}], "lastModified": "2025-04-02T15:03:18.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0A7D491-076F-47B7-95AE-A448DB9CA725", "versionEndExcluding": "5.15.140", "versionStartIncluding": "5.15.68"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC36B304-B2D3-43DD-A07D-2566927F8CE4", "versionEndExcluding": "6.1.64", "versionStartIncluding": "5.19.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4", "versionEndExcluding": "6.5.13", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0", "versionEndExcluding": "6.6.3", "versionStartIncluding": "6.6"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}