CVE-2023-53717
- Source
- https://cve.org/CVERecord?id=CVE-2023-53717
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53717.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53717
- Downstream
- Related
- Published
- 2025-10-22T13:23:50.161Z
- Modified
- 2026-03-11T07:51:24.780352663Z
- Summary
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirsp_callback()
Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9kwmicmd(). The callback writes to wmi->cmdrspbuf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->lastseqid to 0 when a timeout occurred.
Found by a modified version of syzkaller.
BUG: KASAN: stack-out-of-bounds in ath9kwmictrlrx Write of size 4 Call Trace: memcpy ath9kwmictrlrx ath9khtcrxmsg ath9khifusbregincb __usbhcdgiveback_urb usbhcdgivebackurb dummytimer calltimerfn runtimersoftirq __dosoftirq irqexitrcu sysvecapictimerinterrupt
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53717.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1af7eacfad45149c54893a8a9df9e92ef89f0a90
- https://git.kernel.org/stable/c/554048a72d7ecfdd58cc1bfb56e0a1864e64e82c
- https://git.kernel.org/stable/c/78b56b0a613a87b61290b95be497fdfe2fe58aa6
- https://git.kernel.org/stable/c/89a33c3c847b19b19205cde1d924df2a6c70d8eb
- https://git.kernel.org/stable/c/8a2f35b9830692f7a616f2f627f943bc748af13a
- https://git.kernel.org/stable/c/8f28513d9520184059530c01a9f928a1b3809d3f
- https://git.kernel.org/stable/c/ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc
- https://git.kernel.org/stable/c/bf6dc175a2b53098a69db1236d9d53982f4b1bc0
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53717.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53717
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb9987d0f748c983bb795a86f47522313f701a08Fixed89a33c3c847b19b19205cde1d924df2a6c70d8ebFixedae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bcFixedbf6dc175a2b53098a69db1236d9d53982f4b1bc0Fixed78b56b0a613a87b61290b95be497fdfe2fe58aa6Fixed1af7eacfad45149c54893a8a9df9e92ef89f0a90Fixed8f28513d9520184059530c01a9f928a1b3809d3fFixed554048a72d7ecfdd58cc1bfb56e0a1864e64e82cFixed8a2f35b9830692f7a616f2f627f943bc748af13a
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.35Fixed4.14.308
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.276
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.235
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.173
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.99
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.16
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.2.3