CVE-2023-52832: wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

Published May 21, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't return unset power in ieee80211gettxpower()

We can get a UBSAN warning if ieee80211gettxpower() returns the INTMIN value mac80211 internally uses for "unset power level".

UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dumpstack+0x74/0x92 ubsanepilogue+0x9/0x50 handleoverflow+0x8d/0xd0 ubsanhandlemuloverflow+0xe/0x10 nl80211sendiface+0x688/0x6b0 [cfg80211] [...] cfg80211registerwdev+0x78/0xb0 [cfg80211] cfg80211netdevnotifiercall+0x200/0x620 [cfg80211] [...] ieee80211ifadd+0x60e/0x8f0 [mac80211] ieee80211registerhw+0xda5/0x1170 [mac80211]

In this case, simply return an error instead, to indicate that no data is available.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't return unset power in ieee80211gettxpower()

The Linux kernel CVE team has assigned CVE-2023-52832 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052108-CVE-2023-52832-b9d9@gregkh/T

Red Hat

Affected Software

21 affected componentsFixes available
redhat/kernel<4.14.331
4.14.331
redhat/kernel<4.19.300
4.19.300
redhat/kernel<5.4.262
5.4.262
redhat/kernel<5.10.202
5.10.202
redhat/kernel<5.15.140
5.15.140
redhat/kernel<6.1.64
6.1.64
redhat/kernel<6.5.13
6.5.13
redhat/kernel<6.6.3
6.6.3
redhat/kernel<6.7
6.7
Linux Linux kernel<4.14.331
Linux Linux kernel>=4.15<4.19.300
Linux Linux kernel>=4.20<5.4.262
Linux Linux kernel>=5.5<5.10.202
Linux Linux kernel>=5.11<5.15.140
Linux Linux kernel>=5.16<6.1.64
Linux Linux kernel>=6.2<6.5.13
Linux Linux kernel>=6.6<6.6.3
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f

Patch Available

https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846

Patch Available

https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62

Patch Available

https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6

Patch Available

https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7

Patch Available

https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea

Patch Available

https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a

Patch Available

https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f

Patch Available

https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18

Event History

May 21, 2024
CVE Published
via MITRE·03:31 PM
Data Sourced
via MITRE·03:31 PM
Description
Data Sourced
via NVD·04:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
May 22, 2024
Data Sourced
via Red Hat·05:31 PM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-52832?

CVE-2023-52832 is classified as a potential integrity vulnerability within the Linux kernel.

2

How do I fix CVE-2023-52832?

To resolve CVE-2023-52832, update the Linux kernel to versions 4.14.331, 4.19.300, 5.4.262, 5.10.202, 5.15.140, 6.1.64, 6.5.13, 6.6.3, or 6.7 as appropriate.

3

Which Linux kernel versions are affected by CVE-2023-52832?

CVE-2023-52832 affects multiple Linux kernel versions including those prior to 4.14.331, 4.19.300, 5.4.262, 5.10.202, 5.15.140, 6.1.64, 6.5.13, 6.6.3, and 6.7.

4

What happens if CVE-2023-52832 is exploited?

Exploiting CVE-2023-52832 could lead to a potentially undefined behavior or a warning from UBSAN when the power level is not set.

5

Is CVE-2023-52832 specific to any distribution?

CVE-2023-52832 primarily affects the Red Hat distribution of the Linux kernel but can impact any system using the vulnerable kernel versions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203