{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54029", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:53:46.180Z", "datePublished": "2025-12-24T10:55:57.443Z", "dateUpdated": "2025-12-24T10:55:57.443Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T10:55:57.443Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO\n\nFor MLO, we cannot use vif->bss_conf.chandef.chan->band, since\nthat will lead to a NULL-ptr dereference as bss_conf isn't used.\nHowever, in case of real MLO, we also need to take both LMACs\ninto account if they exist, since the station might be active\non both LMACs at the same time."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/intel/iwlwifi/mvm/tx.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "63e2d06adf6b0842132ba89efdf8fada5f7ff1ac", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4489aa868bc6343afdaf5ef324af5b1f64962b25", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b2bc600cced23762d4e97db8989b18772145604f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/intel/iwlwifi/mvm/tx.c"], "versions": [{"version": "6.1.30", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.4", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.3.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/63e2d06adf6b0842132ba89efdf8fada5f7ff1ac"}, {"url": "https://git.kernel.org/stable/c/4489aa868bc6343afdaf5ef324af5b1f64962b25"}, {"url": "https://git.kernel.org/stable/c/b2bc600cced23762d4e97db8989b18772145604f"}], "title": "wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO\n\nFor MLO, we cannot use vif->bss_conf.chandef.chan->band, since\nthat will lead to a NULL-ptr dereference as bss_conf isn't used.\nHowever, in case of real MLO, we also need to take both LMACs\ninto account if they exist, since the station might be active\non both LMACs at the same time."}], "id": "CVE-2023-54029", "lastModified": "2025-12-24T11:15:55.900", "metrics": {}, "published": "2025-12-24T11:15:55.900", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4489aa868bc6343afdaf5ef324af5b1f64962b25"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/63e2d06adf6b0842132ba89efdf8fada5f7ff1ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b2bc600cced23762d4e97db8989b18772145604f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}