Integer overflow in Linux kernel mac80211
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52832 |
| CWE-ID | CWE-190 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Integer overflow
EUVDB-ID: #VU91425
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52832
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.14 - 6.7 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f
https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62
https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18
https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea
https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846
https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6
https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a
https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7
https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.331
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
