Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) memory and even crash if the n_channels is large enough to make it run out of the one page allocated for the FW response. Fix that by checking the lengths. Doing a < comparison would be sufficient, but the firmware should be doing it correctly, so check more strictly.

INFO

Published Date :

2025-10-04T15:44:04.047Z

Last Modified :

2025-10-04T15:44:04.047Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53589 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53589.

URL Resource
https://git.kernel.org/stable/c/05ad5a4d421ce65652fcb24d46b7e273130240d6 cve-icon cve-icon
https://git.kernel.org/stable/c/557ba100d8cf3661ff8d71c0b4a2cba8db555ec2 cve-icon cve-icon
https://git.kernel.org/stable/c/682b6dc29d98e857e6ca4bbc077c7dc2899b7473 cve-icon cve-icon
https://git.kernel.org/stable/c/c176f03350954b795322de0bfe1d7b514db41f45 cve-icon cve-icon
https://git.kernel.org/stable/c/d0d39bed9e95f27a246be91c5929254ac043ed30 cve-icon cve-icon
https://git.kernel.org/stable/c/e519a404a5bbba37693cb10fa61794a5fce4fd9b cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100426-CVE-2023-53589-22f7@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53589 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53589 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact