CVE-2024-53156

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-53156

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53156.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-53156

Downstream

BELL-CVE-2024-53156

DEBIAN-CVE-2024-53156

DLA-4075-1

DLA-4076-1

OESA-2025-1158

OESA-2025-1162

OESA-2025-1286

RHSA-2025:6966

SUSE-SU-2025:0117-1

SUSE-SU-2025:0152-1

SUSE-SU-2025:0153-1

SUSE-SU-2025:0154-1

SUSE-SU-2025:01590-1

SUSE-SU-2025:01593-1

SUSE-SU-2025:01598-1

SUSE-SU-2025:01601-1

SUSE-SU-2025:01603-1

SUSE-SU-2025:01610-1

SUSE-SU-2025:01663-1

SUSE-SU-2025:01668-1

SUSE-SU-2025:01669-1

SUSE-SU-2025:01672-1

SUSE-SU-2025:01675-1

SUSE-SU-2025:01676-1

SUSE-SU-2025:01677-1

SUSE-SU-2025:01682-1

SUSE-SU-2025:01683-1

SUSE-SU-2025:0201-1

SUSE-SU-2025:0201-2

SUSE-SU-2025:0202-1

SUSE-SU-2025:0203-1

SUSE-SU-2025:0229-1

SUSE-SU-2025:0230-1

SUSE-SU-2025:0231-1

SUSE-SU-2025:0236-1

SUSE-SU-2025:0289-1

Related

SUSE-SU-2025:0117-1
SUSE-SU-2025:0152-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:01590-1
SUSE-SU-2025:01593-1
SUSE-SU-2025:01598-1
SUSE-SU-2025:01601-1
SUSE-SU-2025:01603-1
SUSE-SU-2025:01610-1
SUSE-SU-2025:01663-1
SUSE-SU-2025:01668-1
SUSE-SU-2025:01669-1
SUSE-SU-2025:01672-1
SUSE-SU-2025:01675-1
SUSE-SU-2025:01676-1
SUSE-SU-2025:01677-1
SUSE-SU-2025:01682-1
SUSE-SU-2025:01683-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0202-1
SUSE-SU-2025:0203-1
SUSE-SU-2025:0229-1
SUSE-SU-2025:0230-1
SUSE-SU-2025:0231-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:0289-1
USN-7276-1
USN-7277-1

Published

2024-12-24T12:15:23Z

Modified

2025-08-09T20:01:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: add range check for connrspepid in htcconnectservice()

I found the following bug in my fuzzer:

UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type 'htcendpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events requestfirmwareworkfunc Call Trace: <TASK> dumpstacklvl+0x180/0x1b0 _ubsanhandleoutofbounds+0xd4/0x130 htcissuesend.constprop.0+0x20c/0x230 ? rawspinunlockirqrestore+0x3c/0x70 ath9kwmicmd+0x41d/0x610 ? markheldlocks+0x9f/0xe0 ...

Since this bug has been confirmed to be caused by insufficient verification of connrspepid, I think it would be appropriate to add a range check for connrspepid to htcconnectservice() to prevent the bug from occurring.

References

Affected packages