CVE-2023-52768 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with vmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4 Write of size 4 at addr c3a61540 by task wlan0-tx/95 KASAN detects that we are writing data beyond range allocated to vmm_table. There is indeed a mismatch between the size passed to allocator in wilc_wlan_init, and the range of possible indexes used later: allocation size is missing a multiplication by sizeof(u32)

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3
https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c
https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27
https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8
https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e
https://lore.kernel.org/linux-cve-announce/2024052149-CVE-2023-52768-68fc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52768
https://www.cve.org/CVERecord?id=CVE-2023-52768

History

Tue, 05 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H'}`

Mon, 04 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T15:30:51.656Z

Updated: 2024-11-05T17:17:15.027Z

Reserved: 2024-05-21T15:19:24.238Z

Link: CVE-2023-52768

Vulnrichment

Updated: 2024-08-02T23:11:35.520Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T16:15:15.983

Modified: 2024-11-05T18:35:03.960

Link: CVE-2023-52768

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2023-52768 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52768", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.238Z", "datePublished": "2024-05-21T15:30:51.656Z", "dateUpdated": "2024-11-05T17:17:15.027Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:52:19.457Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: use vmm_table as array in wilc struct\n\nEnabling KASAN and running some iperf tests raises some memory issues with\nvmm_table:\n\nBUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4\nWrite of size 4 at addr c3a61540 by task wlan0-tx/95\n\nKASAN detects that we are writing data beyond range allocated to vmm_table.\nThere is indeed a mismatch between the size passed to allocator in\nwilc_wlan_init, and the range of possible indexes used later: allocation\nsize is missing a multiplication by sizeof(u32)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/microchip/wilc1000/wlan.c"], "versions": [{"version": "32dd0b22a5ba", "lessThan": "541b3757fd44", "status": "affected", "versionType": "git"}, {"version": "40b717bfcefa", "lessThan": "4b0d6ddb6466", "status": "affected", "versionType": "git"}, {"version": "40b717bfcefa", "lessThan": "6aaf7cd8bdfe", "status": "affected", "versionType": "git"}, {"version": "40b717bfcefa", "lessThan": "3ce1c2c3999b", "status": "affected", "versionType": "git"}, {"version": "40b717bfcefa", "lessThan": "05ac1a198a63", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/microchip/wilc1000/wlan.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.140", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.64", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.13", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.3", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8"}, {"url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27"}, {"url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e"}, {"url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c"}, {"url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3"}], "title": "wifi: wilc1000: use vmm_table as array in wilc struct", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-29T18:50:15.574062Z", "id": "CVE-2023-52768", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T17:17:15.027Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.520Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.520Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52768", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T18:50:15.574062Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-29T18:50:21.007Z"}}], "cna": {"title": "wifi: wilc1000: use vmm_table as array in wilc struct", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "32dd0b22a5ba", "lessThan": "541b3757fd44", "versionType": "git"}, {"status": "affected", "version": "40b717bfcefa", "lessThan": "4b0d6ddb6466", "versionType": "git"}, {"status": "affected", "version": "40b717bfcefa", "lessThan": "6aaf7cd8bdfe", "versionType": "git"}, {"status": "affected", "version": "40b717bfcefa", "lessThan": "3ce1c2c3999b", "versionType": "git"}, {"status": "affected", "version": "40b717bfcefa", "lessThan": "05ac1a198a63", "versionType": "git"}], "programFiles": ["drivers/net/wireless/microchip/wilc1000/wlan.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.0"}, {"status": "unaffected", "version": "0", "lessThan": "6.0", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.140", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.64", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.13", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.3", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/microchip/wilc1000/wlan.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8"}, {"url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27"}, {"url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e"}, {"url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c"}, {"url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: use vmm_table as array in wilc struct\n\nEnabling KASAN and running some iperf tests raises some memory issues with\nvmm_table:\n\nBUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4\nWrite of size 4 at addr c3a61540 by task wlan0-tx/95\n\nKASAN detects that we are writing data beyond range allocated to vmm_table.\nThere is indeed a mismatch between the size passed to allocator in\nwilc_wlan_init, and the range of possible indexes used later: allocation\nsize is missing a multiplication by sizeof(u32)"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:52:19.457Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52768", "state": "PUBLISHED", "dateUpdated": "2024-11-05T17:17:15.027Z", "dateReserved": "2024-05-21T15:19:24.238Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:30:51.656Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: use vmm_table as array in wilc struct\n\nEnabling KASAN and running some iperf tests raises some memory issues with\nvmm_table:\n\nBUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4\nWrite of size 4 at addr c3a61540 by task wlan0-tx/95\n\nKASAN detects that we are writing data beyond range allocated to vmm_table.\nThere is indeed a mismatch between the size passed to allocator in\nwilc_wlan_init, and the range of possible indexes used later: allocation\nsize is missing a multiplication by sizeof(u32)"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: wilc1000: use vmm_table como matriz en wilc struct. Al habilitar KASAN y ejecutar algunas pruebas de iperf se generan algunos problemas de memoria con vmm_table: BUG: KASAN: slab-out-of-bounds en wilc_wlan_handle_txq +0x6ac/0xdb4 Escritura de tama\u00f1o 4 en la direcci\u00f3n c3a61540 mediante la tarea wlan0-tx/95 KASAN detecta que estamos escribiendo datos m\u00e1s all\u00e1 del rango asignado a vmm_table. De hecho, existe una discrepancia entre el tama\u00f1o pasado al asignador en wilc_wlan_init y el rango de posibles \u00edndices utilizados m\u00e1s adelante: al tama\u00f1o de la asignaci\u00f3n le falta una multiplicaci\u00f3n por sizeof(u32)"}], "id": "CVE-2023-52768", "lastModified": "2024-11-05T18:35:03.960", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-21T16:15:15.983", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: wifi: wilc1000: use vmm_table as array in wilc struct", "id": "2282737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282737"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: wilc1000: use vmm_table as array in wilc struct\nEnabling KASAN and running some iperf tests raises some memory issues with\nvmm_table:\nBUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4\nWrite of size 4 at addr c3a61540 by task wlan0-tx/95\nKASAN detects that we are writing data beyond range allocated to vmm_table.\nThere is indeed a mismatch between the size passed to allocator in\nwilc_wlan_init, and the range of possible indexes used later: allocation\nsize is missing a multiplication by sizeof(u32)"], "name": "CVE-2023-52768", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52768\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52768\nhttps://lore.kernel.org/linux-cve-announce/2024052149-CVE-2023-52768-68fc@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.140, kernel 6.1.64, kernel 6.5.13, kernel 6.6.3, kernel 6.7"}