CVE-2023-54300
- Source
- https://cve.org/CVERecord?id=CVE-2023-54300
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54300.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-54300
- Downstream
- Related
- Published
- 2025-12-30T12:23:35.819Z
- Modified
- 2026-03-31T17:29:27.149398039Z
- Summary
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: avoid referencing uninit memory in ath9kwmictrl_rx
For the reasons also described in commit b383e8abed41 ("wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg()"), ath9khtcrxmsg() should validate pkt_len before accessing the SKB.
For example, the obtained SKB may have been badly constructed with pktlen = 8. In this case, the SKB can only contain a valid htcframehdr but after being processed in ath9khtcrxmsg() and passed to ath9kwmictrl_rx() endpoint RX handler, it is expected to have a WMI command header which should be located inside its data payload.
Implement sanity checking inside ath9kwmictrl_rx(). Otherwise, uninit memory can be referenced.
Tested on Qualcomm Atheros Communications AR9271 802.11n .
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54300.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/0bc12e41af4e3ae1f0efecc377f0514459df0707
- https://git.kernel.org/stable/c/250efb4d3f5b32a115ea6bf25437ba44a1b3c04f
- https://git.kernel.org/stable/c/28259ce4f1f1f9ab37fa817756c89098213d2fc0
- https://git.kernel.org/stable/c/75acec91aeaa07375cd5f418069e61b16d39bbad
- https://git.kernel.org/stable/c/8ed572e52714593b209e3aa352406aff84481179
- https://git.kernel.org/stable/c/90e3c10177573b8662ac9858abd9bf731d5d98e0
- https://git.kernel.org/stable/c/ad5425e70789c29b93acafb5bb4629e4eb908296
- https://git.kernel.org/stable/c/d1c2ff2bd84c3692c9df267a2b991ce92bfca8ef
- https://git.kernel.org/stable/c/f24292e827088bba8de7158501ac25a59b064953
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54300.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-54300
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb9987d0f748c983bb795a86f47522313f701a08Fixed0bc12e41af4e3ae1f0efecc377f0514459df0707Fixed28259ce4f1f1f9ab37fa817756c89098213d2fc0Fixed90e3c10177573b8662ac9858abd9bf731d5d98e0Fixed250efb4d3f5b32a115ea6bf25437ba44a1b3c04fFixedad5425e70789c29b93acafb5bb4629e4eb908296Fixedd1c2ff2bd84c3692c9df267a2b991ce92bfca8efFixed8ed572e52714593b209e3aa352406aff84481179Fixed75acec91aeaa07375cd5f418069e61b16d39bbadFixedf24292e827088bba8de7158501ac25a59b064953
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.35Fixed4.14.322
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.291
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.251
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.188
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.121
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.39
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.3.13
- Type
- ECOSYSTEM
- Events
-
Introduced6.4.0Fixed6.4.4