CVE-2023-53524
- Source
- https://cve.org/CVERecord?id=CVE-2023-53524
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53524.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53524
- Downstream
- Related
- Published
- 2025-10-01T11:46:10.397Z
- Modified
- 2026-04-11T12:46:48.729374Z
- Summary
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: pcie: Fix integer overflow in iwlwritetouserbuf
An integer overflow occurs in the iwlwritetouserbuf() function, which is called by the iwldbgfsmonitordataread() function.
static bool iwlwritetouserbuf(char _user *userbuf, ssizet count, void *buf, ssizet *size, ssizet *bytescopied) { int bufsizeleft = count - *bytes_copied;
buf_size_left = buf_size_left - (buf_size_left % sizeof(u32)); if (*size > buf_size_left) *size = buf_size_left;If the user passes a SIZEMAX value to the "ssizet count" parameter, the ssizet count parameter is assigned to "int bufsizeleft". Then compare "*size" with "bufsizeleft" . Here, "bufsizeleft" is a negative number, so "*size" is assigned "bufsizeleft" and goes into the third argument of the copyto_user function, causing a heap overflow.
This is not a security vulnerability because iwldbgfsmonitordataread() is a debugfs operation with 0400 privileges.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53524.json" }- References
-
- https://git.kernel.org/stable/c/059e426d666a41e26b184c177c1ca3ee2d6fa1b6
- https://git.kernel.org/stable/c/0ad8dd870aa187d0c21d032bb2c6433559075eec
- https://git.kernel.org/stable/c/58d1b717879bfeabe09b35e41ad667c79933eb2e
- https://git.kernel.org/stable/c/82f877ec9b041edc4c7c509c605cc3393d837bf0
- https://git.kernel.org/stable/c/de78456976026102babe66258c228691ca5677c0
- https://git.kernel.org/stable/c/eb1ef44efac797b384d361a76e33f77027c29a14
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53524.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53524
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf7805b33f9b13a87b1fcf9dfbc3dcbce281a1436Fixed0ad8dd870aa187d0c21d032bb2c6433559075eecFixed059e426d666a41e26b184c177c1ca3ee2d6fa1b6Fixed82f877ec9b041edc4c7c509c605cc3393d837bf0Fixedeb1ef44efac797b384d361a76e33f77027c29a14Fixedde78456976026102babe66258c228691ca5677c0Fixed58d1b717879bfeabe09b35e41ad667c79933eb2e