CVE-2023-53589

Oct. 4, 2025, 4:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) memory and even crash if the n_channels is large enough to make it run out of the one page allocated for the FW response. Fix that by checking the lengths. Doing a < comparison would be sufficient, but the firmware should be doing it correctly, so check more strictly.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/05ad5a4d421ce65652fcb24d46b7e273130240d6
https://git.kernel.org/stable/c/557ba100d8cf3661ff8d71c0b4a2cba8db555ec2
https://git.kernel.org/stable/c/682b6dc29d98e857e6ca4bbc077c7dc2899b7473
https://git.kernel.org/stable/c/c176f03350954b795322de0bfe1d7b514db41f45
https://git.kernel.org/stable/c/d0d39bed9e95f27a246be91c5929254ac043ed30
https://git.kernel.org/stable/c/e519a404a5bbba37693cb10fa61794a5fce4fd9b

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-10-04
CVE-2023-53589

Timeline

Published: Oct. 4, 2025, 4:15 p.m.
Last Modified: Oct. 4, 2025, 4:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.