Home

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) memory and even crash if the n_channels is large enough to make it run out of the one page allocated for the FW response. Fix that by checking the lengths. Doing a < comparison would be sufficient, but the firmware should be doing it correctly, so check more strictly.

PUBLISHED Reserved 2025-10-04 | Published 2025-10-04 | Updated 2025-10-04 | Assigner Linux

Product status

Default status
unaffected

dcaf9f5ecb6f395152609bdc40660d9b593dca63 before e519a404a5bbba37693cb10fa61794a5fce4fd9b
affected

dcaf9f5ecb6f395152609bdc40660d9b593dca63 before d0d39bed9e95f27a246be91c5929254ac043ed30
affected

dcaf9f5ecb6f395152609bdc40660d9b593dca63 before 05ad5a4d421ce65652fcb24d46b7e273130240d6
affected

dcaf9f5ecb6f395152609bdc40660d9b593dca63 before 557ba100d8cf3661ff8d71c0b4a2cba8db555ec2
affected

dcaf9f5ecb6f395152609bdc40660d9b593dca63 before c176f03350954b795322de0bfe1d7b514db41f45
affected

dcaf9f5ecb6f395152609bdc40660d9b593dca63 before 682b6dc29d98e857e6ca4bbc077c7dc2899b7473
affected

Default status
affected

4.1
affected

Any version before 4.1
unaffected

5.4.244
unaffected

5.10.181
unaffected

5.15.113
unaffected

6.1.30
unaffected

6.3.4
unaffected

6.4
unaffected

References

git.kernel.org/...c/e519a404a5bbba37693cb10fa61794a5fce4fd9b

git.kernel.org/...c/d0d39bed9e95f27a246be91c5929254ac043ed30

git.kernel.org/...c/05ad5a4d421ce65652fcb24d46b7e273130240d6

git.kernel.org/...c/557ba100d8cf3661ff8d71c0b4a2cba8db555ec2

git.kernel.org/...c/c176f03350954b795322de0bfe1d7b514db41f45

git.kernel.org/...c/682b6dc29d98e857e6ca4bbc077c7dc2899b7473

cve.org (CVE-2023-53589)

nvd.nist.gov (CVE-2023-53589)

Download JSON