CVE-2023-53321

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211_hwsim: drop short frames

While technically some control frames like ACK are shorter and end after Address 1, such frames shouldn't be forwarded through wmediumd or similar userspace, so require the full 3-address header to avoid accessing invalid memory if shorter frames are passed in.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux05d610af3e71a782fa28a1351b687da982d208ee < 3beb97bed860d95b14ad23578ce8ddaea62023dbaffected
LinuxLinux05d610af3e71a782fa28a1351b687da982d208ee < 672205c6f2d11978fcd7f0f336bb2c708e28874baffected
LinuxLinux05d610af3e71a782fa28a1351b687da982d208ee < c64ee9dd335832d5e2ab0a8fc83a34ad4c729799affected
LinuxLinux05d610af3e71a782fa28a1351b687da982d208ee < b9a175e3b250b0dc6e152988040aa5014e98e61eaffected
LinuxLinux05d610af3e71a782fa28a1351b687da982d208ee < 89a41ed7f21476301659ebd25ccb48a60791c1a7affected
LinuxLinux05d610af3e71a782fa28a1351b687da982d208ee < fba360a047d5eeeb9d4b7c3a9b1c8308980ce9a6affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.257 <= 5.4.*unaffected
LinuxLinux5.10.197 <= 5.10.*unaffected
LinuxLinux5.15.133 <= 5.15.*unaffected
LinuxLinux6.1.55 <= 6.1.*unaffected
LinuxLinux6.5.5 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References