{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52530", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.318Z", "datePublished": "2024-03-02T21:52:34.966Z", "dateUpdated": "2024-08-02T23:03:20.550Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:13:29.066Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/cfg.c", "net/mac80211/key.c"], "versions": [{"version": "fdf7cb4185b6", "lessThan": "2f4e16e39e4f", "status": "affected", "versionType": "git"}, {"version": "fdf7cb4185b6", "lessThan": "65c72a720170", "status": "affected", "versionType": "git"}, {"version": "fdf7cb4185b6", "lessThan": "31db78a4923e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/cfg.c", "net/mac80211/key.c"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.57", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.5.7", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"}], "title": "wifi: mac80211: fix potential key use-after-free", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-21T16:13:28.190835Z", "id": "CVE-2023-52530", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T16:13:37.206Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.550Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.550Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52530", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-21T16:13:28.190835Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T16:13:33.881Z"}}], "cna": {"title": "wifi: mac80211: fix potential key use-after-free", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "fdf7cb4185b6", "lessThan": "2f4e16e39e4f", "versionType": "git"}, {"status": "affected", "version": "fdf7cb4185b6", "lessThan": "65c72a720170", "versionType": "git"}, {"status": "affected", "version": "fdf7cb4185b6", "lessThan": "31db78a4923e", "versionType": "git"}], "programFiles": ["net/mac80211/cfg.c", "net/mac80211/key.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.14"}, {"status": "unaffected", "version": "0", "lessThan": "4.14", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.57", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.7", "versionType": "custom", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mac80211/cfg.c", "net/mac80211/key.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:13:29.066Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52530", "state": "PUBLISHED", "dateUpdated": "2024-08-02T23:03:20.550Z", "dateReserved": "2024-02-20T12:30:33.318Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:34.966Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: soluciona el posible Use After Free de la clave Cuando ieee80211_key_link() es llamado por ieee80211_gtk_rekey_add() pero devuelve 0 debido a la protecci\u00f3n KRACK (reinstalaci\u00f3n de clave id\u00e9ntica), ieee80211_gtk_rekey_add() a\u00fan devolver\u00e1 un puntero a la clave, en un posible Use After Free. Esto normalmente no sucede ya que iwlwifi solo lo llama en caso de descarga de recodificaci\u00f3n de WoWLAN, que tiene su propia protecci\u00f3n KRACK, pero a\u00fan es mejor solucionarlo, h\u00e1galo devolviendo un c\u00f3digo de error y convirti\u00e9ndolo en exitoso solo en el l\u00edmite cfg80211, dejando el error para personas que llaman mal de ieee80211_gtk_rekey_add()."}], "id": "CVE-2023-52530", "lastModified": "2024-03-04T13:58:23.447", "metrics": {}, "published": "2024-03-02T22:15:48.567", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:3859", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.107.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-06-12T00:00:00Z"}, {"advisory": "RHSA-2024:3859", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.107.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-06-12T00:00:00Z"}, {"advisory": "RHSA-2024:3859", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.107.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-06-12T00:00:00Z"}, {"advisory": "RHSA-2024:4740", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.64.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-07-23T00:00:00Z"}], "bugzilla": {"description": "kernel: wifi: mac80211: fix potential key use-after-free", "id": "2267787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267787"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: mac80211: fix potential key use-after-free\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add().", "A use-after-free flaw was found\u00a0in the Linux kernel\u2019s IEEE 802.11 networking stack implementation functionality, used by Wifi, in how a user triggers the error path of the ieee80211_gtk_rekey_add function. This flaw allows a local user to crash the system."], "name": "CVE-2023-52530", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52530\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52530\nhttps://lore.kernel.org/linux-cve-announce/2024030255-CVE-2023-52530-ebf0@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 9 is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.57, kernel 6.5.7, kernel 6.6"}