Summary:
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
len is extracted from HTT message and could be an unexpected value in
case errors happen, so add validation before using to avoid possible
out-of-bound read in the following message iteration and parsing.
The same issue also applies to ppdu_info->ppdu_stats.common.num_users,
so validate it before using too.
These are found during code review.
Compile test only.
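The class of check the fix describes, as an added example (not the ath12k patch or kernel code): a length and a user count taken from a received message are validated against the bytes actually available before any TLV is walked. The message layout, `parse_stats`, `MAX_USERS` and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical layout for illustration, not the real HTT format:
 *   msg = [u16 payload_len][u8 num_users][u8 pad][TLVs...]
 *   TLV = [u16 tag][u16 len][len bytes]          (little-endian) */
#define HDR_LEN   4u
#define TLV_HDR   4u
#define MAX_USERS 8u

/* Constructed samples: two well-formed TLVs; same bytes with len = 0xffff. */
static const uint8_t good_msg[]    = { 10, 0, 2, 0,  1, 0, 2, 0, 0xaa, 0xbb,  2, 0, 0, 0 };
static const uint8_t bad_len_msg[] = { 0xff, 0xff, 2, 0,  1, 0, 2, 0, 0xaa, 0xbb,  2, 0, 0, 0 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns the number of TLVs walked, or -1 if a field taken from the
 * message would move the parser outside the 'avail' bytes received. */
int parse_stats(const uint8_t *buf, size_t avail)
{
    if (avail < HDR_LEN)
        return -1;

    size_t len = rd16(buf);           /* sender-supplied, untrusted */
    uint8_t num_users = buf[2];       /* sender-supplied, untrusted */

    if (len > avail - HDR_LEN)        /* claimed payload exceeds buffer */
        return -1;
    if (num_users > MAX_USERS)        /* would index past a fixed array */
        return -1;

    const uint8_t *p = buf + HDR_LEN;
    int count = 0;
    while (len > 0) {
        if (len < TLV_HDR)            /* truncated TLV header */
            return -1;
        size_t tlv_len = rd16(p + 2);
        if (tlv_len > len - TLV_HDR)  /* TLV body runs past payload */
            return -1;
        p   += TLV_HDR + tlv_len;
        len -= TLV_HDR + tlv_len;
        count++;
    }
    return count;
}

int main(void)
{
    return !(parse_stats(good_msg, sizeof(good_msg)) == 2 &&
             parse_stats(bad_len_msg, sizeof(bad_len_msg)) == -1);
}
```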
Severity: Low
Advisory ID: KylinSec-SA-2024-2491
Release date: May 30, 2024
Related CVE: CVE-2023-52827
CVE | Product | Component | Affected |
---|---|---|---|
CVE-2023-52827 | KY3.4-4A | kernel | Unaffected |
CVE-2023-52827 | KY3.4-5 | kernel | Unaffected |
CVE-2023-52827 | KY3.5.1 | kernel | Unaffected |
CVE-2023-52827 | KY3.5.3 | kernel | Unaffected |
CVE-2023-52827 | V6 | kernel | Unaffected |