Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11k_mac_get_arvif_by_vdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.19, < 6.1.64 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/0cf7577b6b3153b4b49deea9719fe43f96469c6dPatch
- https://git.kernel.org/stable/c/1dea3c0720a146bd7193969f2847ccfed5be2221Patch
- https://git.kernel.org/stable/c/cf9c7d783a2bf9305df4ef5b93d9063a52e18fcaPatch
- https://git.kernel.org/stable/c/e83246ecd3b193f8d91fce778e8a5ba747fc7d8aPatch
- https://git.kernel.org/stable/c/0cf7577b6b3153b4b49deea9719fe43f96469c6dPatch
- https://git.kernel.org/stable/c/1dea3c0720a146bd7193969f2847ccfed5be2221Patch
- https://git.kernel.org/stable/c/cf9c7d783a2bf9305df4ef5b93d9063a52e18fcaPatch
- https://git.kernel.org/stable/c/e83246ecd3b193f8d91fce778e8a5ba747fc7d8aPatch
FAQ
What is CVE-2023-52777?
CVE-2023-52777 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event h...
How severe is CVE-2023-52777?
CVE-2023-52777 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-52777?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.