CVE-2023-52594: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()

Published Mar 6, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9khtctxstatus()

Fix an array-index-out-of-bounds read in ath9khtctxstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTCMAXTXSTATUS. WARNON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case.

Found by a modified version of syzkaller.

UBSAN: array-index-out-of-bounds in htcdrvtxrx.c index 13 is out of range for type 'wmieventtxstatus [12]' Call Trace: ath9khtctxstatus ath9kwmieventtasklet taskletactioncommon dosoftirq irqexitrxu sysvecapictimerinterrupt

Other sources

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9khtctxstatus()

The Linux kernel CVE team has assigned CVE-2023-52594 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024030645-CVE-2023-52594-9b84@gregkh/T

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by an array-index-out-of-bounds read in ath9khtctxstatus(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

20 affected componentsFixes available
Linux Linux kernel<4.19.307
Linux Linux kernel>=4.20<5.4.269
Linux Linux kernel>=5.5<5.10.210
Linux Linux kernel>=5.11<5.15.149
Linux Linux kernel>=5.16<6.1.77
Linux Linux kernel>=6.2<6.6.16
Linux Linux kernel>=6.7<6.7.4
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-1
redhat/kernel<4.19.307
4.19.307
redhat/kernel<5.4.269
5.4.269
redhat/kernel<5.10.210
5.10.210
redhat/kernel<5.15.149
5.15.149
redhat/kernel<6.1.77
6.1.77
redhat/kernel<6.6.16
6.6.16
redhat/kernel<6.7.4
6.7.4
redhat/kernel<6.8
6.8

Remediation

Patch Available

https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234

Patch Available

https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348

Patch Available

https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1

Patch Available

https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9

Patch Available

https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1

Patch Available

https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d

Patch Available

https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225

Patch Available

https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc

Patch Available

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Patch Available

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Event History

Mar 6, 2024
CVE Published
via MITRE·06:45 AM
Data Sourced
via MITRE·06:45 AM
Description
Data Sourced
via Red Hat·10:19 PM
DescriptionSeverityAffected Software
Mar 27, 2024
Data Sourced
via Launchpad·09:55 PM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·11:16 PM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-52594?

CVE-2023-52594 is classified as a medium severity vulnerability due to potential array-index-out-of-bounds read which may lead to information disclosure.

2

How do I fix CVE-2023-52594?

To fix CVE-2023-52594, update the kernel package to version 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16, 6.7.4, or 6.8 as applicable.

3

What types of systems are affected by CVE-2023-52594?

CVE-2023-52594 affects systems running specific versions of the Linux kernel, particularly versions prior to 6.8.

4

Is there a workaround for CVE-2023-52594?

There is no known workaround for CVE-2023-52594; the recommended action is to upgrade to the patched kernel versions.

5

When was CVE-2023-52594 discovered?

CVE-2023-52594 was announced as resolved in the Linux kernel updates released in early 2023.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203