CVE-2023-52777

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix gtk offload status event locking

The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11k_mac_get_arvif_by_vdev_id() was not marked as a read-side critical section.

Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues.

Compile tested only.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa16d9b50cfbaf112401b8e5ccfa852709f498cd4 < 0cf7577b6b3153b4b49deea9719fe43f96469c6daffected
LinuxLinuxa16d9b50cfbaf112401b8e5ccfa852709f498cd4 < cf9c7d783a2bf9305df4ef5b93d9063a52e18fcaaffected
LinuxLinuxa16d9b50cfbaf112401b8e5ccfa852709f498cd4 < e83246ecd3b193f8d91fce778e8a5ba747fc7d8aaffected
LinuxLinuxa16d9b50cfbaf112401b8e5ccfa852709f498cd4 < 1dea3c0720a146bd7193969f2847ccfed5be2221affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.64 <= 6.1.*unaffected
LinuxLinux6.5.13 <= 6.5.*unaffected
LinuxLinux6.6.3 <= 6.6.*unaffected
LinuxLinux6.7 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References