CVE-2024-53156

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53156
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53156.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53156
Published
2024-12-24T11:28:55.275Z
Modified
2025-11-27T02:33:28.244642Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

I found the following bug in my fuzzer:

    UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51
    index 255 is out of range for type 'htc_endpoint [22]'
    CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
    Workqueue: events request_firmware_work_func
    Call Trace:
     <TASK>
     dump_stack_lvl+0x180/0x1b0
     __ubsan_handle_out_of_bounds+0xd4/0x130
     htc_issue_send.constprop.0+0x20c/0x230
     ? _raw_spin_unlock_irqrestore+0x3c/0x70
     ath9k_wmi_cmd+0x41d/0x610
     ? mark_held_locks+0x9f/0xe0
     ...

Since this bug has been confirmed to be caused by insufficient verification of conn_rsp_epid, I think it would be appropriate to add a range check for conn_rsp_epid to htc_connect_service() to prevent the bug from occurring.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2024/53xxx/CVE-2024-53156.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Introduced                                Fixed
fb9987d0f748c983bb795a86f47522313f701a08  5f177fb9d01355ac183e65ad8909ea8ef734e0cf
fb9987d0f748c983bb795a86f47522313f701a08  cb480ae80fd4d0f1ac9e107ce799183beee5124b
fb9987d0f748c983bb795a86f47522313f701a08  c941af142200d975dd3be632aeb490f4cb91dae4
fb9987d0f748c983bb795a86f47522313f701a08  8965db7fe2e913ee0802b05fc94c6d6aa74e0596
fb9987d0f748c983bb795a86f47522313f701a08  70eae50d2156cb6e078d0d78809b49bf2f4c7540
fb9987d0f748c983bb795a86f47522313f701a08  b6551479daf2bfa80bfd5d9016b02a810e508bfb
fb9987d0f748c983bb795a86f47522313f701a08  3fe99b9690b99606d3743c9961ebee865cfa1ab8
fb9987d0f748c983bb795a86f47522313f701a08  bc981179ab5d1a2715f35e3db4e4bb822bacc849
fb9987d0f748c983bb795a86f47522313f701a08  8619593634cbdf5abf43f5714df49b04e4ef09ab

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type: ECOSYSTEM

Introduced  Fixed
2.6.35      4.19.325
4.20.0      5.4.287
5.5.0       5.10.231
5.11.0      5.15.174
5.16.0      6.1.120
6.2.0       6.6.64
6.7.0       6.11.11
6.12.0      6.12.2