CVE-2023-52827 - CERT CVE
ID CVE-2023-52827
Sažetak In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read in the following message iteration and parsing. The same issue also applies to ppdu_info->ppdu_stats.common.num_users, so validate it before using too. These are found during code review. Compile test only.
Reference
CVSS
Base: 7.1
Impact: 5.2
Exploitability:1.8
Pristup
VektorSloženostAutentikacija
LOCAL LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE HIGH
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Zadnje važnije ažuriranje 24-05-2024 - 01:14
Objavljeno 21-05-2024 - 16:15