CVE-2023-53113

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NULL-ptr deref in offchan check If, e.g. in AP mode, the link was already created by userspace but not activated yet, it has a chandef but the chandef isn't valid and has no channel. Check for this and ignore this link.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/201a836c2385fdd2b9d0a8e7737bba5b26f1863a	Patch
https://git.kernel.org/stable/c/87e80ea4fbc9ce2f2005905fdbcd38baaa47463a	Patch
https://git.kernel.org/stable/c/f624bb6fad23df3270580b4fcef415c6e7bf7705	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc2::::::

History

10 Nov 2025, 17:53

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.3:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc2::::::
CWE		CWE-476
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/201a836c2385fdd2b9d0a8e7737bba5b26f1863a -~~	() https://git.kernel.org/stable/c/201a836c2385fdd2b9d0a8e7737bba5b26f1863a - Patch
References	~~() https://git.kernel.org/stable/c/87e80ea4fbc9ce2f2005905fdbcd38baaa47463a -~~	() https://git.kernel.org/stable/c/87e80ea4fbc9ce2f2005905fdbcd38baaa47463a - Patch
References	~~() https://git.kernel.org/stable/c/f624bb6fad23df3270580b4fcef415c6e7bf7705 -~~	() https://git.kernel.org/stable/c/f624bb6fad23df3270580b4fcef415c6e7bf7705 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

Information

Published : 2025-05-02 16:15

Updated : 2025-11-10 17:53

NVD link : CVE-2023-53113

Mitre link : CVE-2023-53113

CVE.ORG link : CVE-2023-53113

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2023-53113", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-05-02T16:15:30.407", "references": [{"url": "https://git.kernel.org/stable/c/201a836c2385fdd2b9d0a8e7737bba5b26f1863a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/87e80ea4fbc9ce2f2005905fdbcd38baaa47463a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f624bb6fad23df3270580b4fcef415c6e7bf7705", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix NULL-ptr deref in offchan check\n\nIf, e.g. in AP mode, the link was already created by userspace\nbut not activated yet, it has a chandef but the chandef isn't\nvalid and has no channel. Check for this and ignore this link."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: se corrige la deref NULL-ptr en la comprobaci\u00f3n offchan. Si, por ejemplo, en modo AP, el enlace ya fue creado por el espacio de usuario, pero a\u00fan no se activ\u00f3, tiene una definici\u00f3n de canal (chandef), pero esta no es v\u00e1lida y no tiene canal. Verifique esto e ignore este enlace."}], "lastModified": "2025-11-10T17:53:08.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F1B346A-2F97-4DCF-9D43-4B1FA388971C", "versionEndExcluding": "6.1.21", "versionStartIncluding": "5.19.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4011EC6B-7786-4709-B765-186FA31D6F7F", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}