Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() nl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the number of MBSSID elements in the nested netlink attribute attrs, which can lead to an integer overflow if a user of the nl80211 interface specifies 256 or more elements in the corresponding attribute in userspace. The integer overflow can lead to a heap buffer overflow as num_elems determines the size of the trailing array in elems, and this array is thereafter written to for each element in attrs. Note that this vulnerability only affects devices with the wiphy->mbssid_max_interfaces member set for the wireless physical device struct in the device driver, and can only be triggered by a process with CAP_NET_ADMIN capabilities. Fix this by checking for a maximum of 255 elements in attrs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.16, < 6.1.46 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/6311071a056272e1e761de8d0305e87cc566f734Patch
- https://git.kernel.org/stable/c/7d09f9f255a5f78578deba5454923072bb53b16cPatch
- https://git.kernel.org/stable/c/e642eb67b8c10dcce758d549cc81564116e0fa49Patch
FAQ
What is CVE-2023-53570?
CVE-2023-53570 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() nl80211_parse_mbssid_elems() uses a u8 variable num_elems to c...
How severe is CVE-2023-53570?
CVE-2023-53570 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53570?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.