Input validation error in Linux kernel wireless

Published: 2025-05-04 | Updated: 2025-05-10

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2023-53113
CWE-ID	CWE-20
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU108511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53113

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cfg80211_off_channel_oper_allowed() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.3 rc6

CPE2.3

External links

https://git.kernel.org/stable/c/201a836c2385fdd2b9d0a8e7737bba5b26f1863a
https://git.kernel.org/stable/c/87e80ea4fbc9ce2f2005905fdbcd38baaa47463a
https://git.kernel.org/stable/c/f624bb6fad23df3270580b4fcef415c6e7bf7705
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.21
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.