Home

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the iwl_keyinfo.key field. Add a check to not copy more data to iwl_keyinfo.key then will fit. This fixes backtraces like this one: memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16) WARNING: CPU: 1 PID: 946 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x375/0x390 [iwldvm] <snip> Hardware name: Dell Inc. Latitude E6430/0H3MT5, BIOS A21 05/08/2017 RIP: 0010:iwlagn_send_sta_key+0x375/0x390 [iwldvm] <snip> Call Trace: <TASK> iwl_set_dynamic_key+0x1f0/0x220 [iwldvm] iwlagn_mac_set_key+0x1e4/0x280 [iwldvm] drv_set_key+0xa4/0x1b0 [mac80211] ieee80211_key_enable_hw_accel+0xa8/0x2d0 [mac80211] ieee80211_key_replace+0x22d/0x8e0 [mac80211] <snip>

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2025-12-30 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 76b5ea43ad2fb4f726ddfaff839430a706e7d7c2
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 3ed3c1c2fc3482b72e755820261779cd2e2c5a3e
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before fa57021262e998e2229d6383b1081638df2fe238
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 91ad1ab3cc7e981cb6d6ee100686baed64e1277e
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 87940e4030e4705e1f3fd2bbb1854eae8308314b
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 57189c885149825be8eb8c3524b5af017fdeb941
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 6cd644f66b43709816561d63e0173cb0c7aab159
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before ef16799640865f937719f0771c93be5dca18adc6
affected

Default status
affected

4.14.316 (semver)
unaffected

4.19.284 (semver)
unaffected

5.4.244 (semver)
unaffected

5.10.181 (semver)
unaffected

5.15.113 (semver)
unaffected

6.1.30 (semver)
unaffected

6.3.4 (semver)
unaffected

6.4 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/76b5ea43ad2fb4f726ddfaff839430a706e7d7c2

git.kernel.org/...c/3ed3c1c2fc3482b72e755820261779cd2e2c5a3e

git.kernel.org/...c/fa57021262e998e2229d6383b1081638df2fe238

git.kernel.org/...c/91ad1ab3cc7e981cb6d6ee100686baed64e1277e

git.kernel.org/...c/87940e4030e4705e1f3fd2bbb1854eae8308314b

git.kernel.org/...c/57189c885149825be8eb8c3524b5af017fdeb941

git.kernel.org/...c/6cd644f66b43709816561d63e0173cb0c7aab159

git.kernel.org/...c/ef16799640865f937719f0771c93be5dca18adc6

cve.org (CVE-2023-54286)

nvd.nist.gov (CVE-2023-54286)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.