CVE-2023-52530
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2024-11-08 15:55
Severity ?
Summary
wifi: mac80211: fix potential key use-after-free
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52530",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:13:28.190835Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:13:37.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mac80211/cfg.c",
            "net/mac80211/key.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2408f491ff99",
              "status": "affected",
              "version": "fdf7cb4185b6",
              "versionType": "git"
            },
            {
              "lessThan": "e8e599a63506",
              "status": "affected",
              "version": "fdf7cb4185b6",
              "versionType": "git"
            },
            {
              "lessThan": "e8a834eb09bb",
              "status": "affected",
              "version": "fdf7cb4185b6",
              "versionType": "git"
            },
            {
              "lessThan": "2f4e16e39e4f",
              "status": "affected",
              "version": "fdf7cb4185b6",
              "versionType": "git"
            },
            {
              "lessThan": "65c72a720170",
              "status": "affected",
              "version": "fdf7cb4185b6",
              "versionType": "git"
            },
            {
              "lessThan": "31db78a4923e",
              "status": "affected",
              "version": "fdf7cb4185b6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mac80211/cfg.c",
            "net/mac80211/key.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.228",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.57",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn\u0027t happen\nsince it\u0027s only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T15:55:25.138Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"
        },
        {
          "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"
        },
        {
          "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"
        }
      ],
      "title": "wifi: mac80211: fix potential key use-after-free",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52530",
    "datePublished": "2024-03-02T21:52:34.966Z",
    "dateReserved": "2024-02-20T12:30:33.318Z",
    "dateUpdated": "2024-11-08T15:55:25.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52530\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-02T22:15:48.567\",\"lastModified\":\"2024-11-08T16:15:18.690\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: mac80211: fix potential key use-after-free\\n\\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\\nbut returns 0 due to KRACK protection (identical key reinstall),\\nieee80211_gtk_rekey_add() will still return a pointer into the\\nkey, in a potential use-after-free. This normally doesn\u0027t happen\\nsince it\u0027s only called by iwlwifi in case of WoWLAN rekey offload\\nwhich has its own KRACK protection, but still better to fix, do\\nthat by returning an error code and converting that to success on\\nthe cfg80211 boundary only, leaving the error for bad callers of\\nieee80211_gtk_rekey_add().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: soluciona el posible Use After Free de la clave Cuando ieee80211_key_link() es llamado por ieee80211_gtk_rekey_add() pero devuelve 0 debido a la protecci\u00f3n KRACK (reinstalaci\u00f3n de clave id\u00e9ntica), ieee80211_gtk_rekey_add() a\u00fan devolver\u00e1 un puntero a la clave, en un posible Use After Free. Esto normalmente no sucede ya que iwlwifi solo lo llama en caso de descarga de recodificaci\u00f3n de WoWLAN, que tiene su propia protecci\u00f3n KRACK, pero a\u00fan es mejor solucionarlo, h\u00e1galo devolviendo un c\u00f3digo de error y convirti\u00e9ndolo en exitoso solo en el l\u00edmite cfg80211, dejando el error para personas que llaman mal de ieee80211_gtk_rekey_add().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.