CVE-2024-53156

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53156
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53156.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53156
Downstream
Related
Published
2024-12-24T12:15:23Z
Modified
2025-08-09T20:01:27Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: add range check for connrspepid in htcconnectservice()

I found the following bug in my fuzzer:

UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type 'htcendpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events requestfirmwareworkfunc Call Trace: <TASK> dumpstacklvl+0x180/0x1b0 _ubsanhandleoutofbounds+0xd4/0x130 htcissuesend.constprop.0+0x20c/0x230 ? rawspinunlockirqrestore+0x3c/0x70 ath9kwmicmd+0x41d/0x610 ? markheldlocks+0x9f/0xe0 ...

Since this bug has been confirmed to be caused by insufficient verification of connrspepid, I think it would be appropriate to add a range check for connrspepid to htcconnectservice() to prevent the bug from occurring.

References

Affected packages