Home

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails Syzkaller detected a memory leak of skbs in ath9k_hif_usb_rx_stream(). While processing skbs in ath9k_hif_usb_rx_stream(), the already allocated skbs in skb_pool are not freed if ath9k_hif_usb_rx_stream() fails. If we have an incorrect pkt_len or pkt_tag, the input skb is considered invalid and dropped. All the associated packets already in skb_pool should be dropped and freed. Added a comment describing this issue. The patch also makes remain_skb NULL after being processed so that it cannot be referenced after potential free. The initialization of hif_dev fields which are associated with remain_skb (rx_remain_len, rx_transfer_len and rx_pad_len) is moved after a new remain_skb is allocated. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

PUBLISHED Reserved 2025-09-15 | Published 2025-09-15 | Updated 2025-09-15 | Assigner Linux

Product status

Default status
unaffected

44b23b488d44e56d467764ecb661830e5b02b308 (git) before 3fc6401fafde11712a83089fa2cc874cfd10e2cd
affected

44b23b488d44e56d467764ecb661830e5b02b308 (git) before cd8316767099920a5d41feed1afab0c482a43e9f
affected

44b23b488d44e56d467764ecb661830e5b02b308 (git) before f26dd69f61eff2eedf5df2d199bdd23108309947
affected

44b23b488d44e56d467764ecb661830e5b02b308 (git) before 61490d2710277e8a55009b7682456ae22f8087cf
affected

44b23b488d44e56d467764ecb661830e5b02b308 (git) before 9acdec72787af1bc8ed92711b52118c8e3e638a2
affected

44b23b488d44e56d467764ecb661830e5b02b308 (git) before c766e37fccd5a5c5059be7efcd9618bf8a2c17c3
affected

44b23b488d44e56d467764ecb661830e5b02b308 (git) before 0af54343a76263a12dbae7fafb64eb47c4a6ad38
affected

Default status
affected

2.6.38
affected

Any version before 2.6.38
unaffected

4.19.276 (semver)
unaffected

5.4.235 (semver)
unaffected

5.10.173 (semver)
unaffected

5.15.99 (semver)
unaffected

6.1.16 (semver)
unaffected

6.2.3 (semver)
unaffected

6.3 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/3fc6401fafde11712a83089fa2cc874cfd10e2cd

git.kernel.org/...c/cd8316767099920a5d41feed1afab0c482a43e9f

git.kernel.org/...c/f26dd69f61eff2eedf5df2d199bdd23108309947

git.kernel.org/...c/61490d2710277e8a55009b7682456ae22f8087cf

git.kernel.org/...c/9acdec72787af1bc8ed92711b52118c8e3e638a2

git.kernel.org/...c/c766e37fccd5a5c5059be7efcd9618bf8a2c17c3

git.kernel.org/...c/0af54343a76263a12dbae7fafb64eb47c4a6ad38

cve.org (CVE-2023-53199)

nvd.nist.gov (CVE-2023-53199)

Download JSON