CVE-2023-52777

HIGH

Linux Kernel 5.19-6.1.64 6.5.13-6.5.* 6.6.3-6.6.* - Use-After-Free in ath11k GTK Offload Status Event Handler

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11k_mac_get_arvif_by_vdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/0cf7577b6b3153b4b49deea9719fe43f96469c6d

Patch

https://git.kernel.org/stable/c/cf9c7d783a2bf9305df4ef5b93d9063a52e18fca

Patch

https://git.kernel.org/stable/c/e83246ecd3b193f8d91fce778e8a5ba747fc7d8a

Patch

https://git.kernel.org/stable/c/1dea3c0720a146bd7193969f2847ccfed5be2221

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 15.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (11)

Linux/Linux < 5.19

Linux/Linux 5.19

Linux/Linux 6.1.64 - 6.1.*

Linux/Linux 6.5.13 - 6.5.*

Linux/Linux 6.6.3 - 6.6.*

Linux/Linux 6.7

Linux/Linux a16d9b50cfbaf112401b8e5ccfa852709f498cd4 - 0cf7577b6b3153b4b49deea9719fe43f96469c6d

Linux/Linux a16d9b50cfbaf112401b8e5ccfa852709f498cd4 - 1dea3c0720a146bd7193969f2847ccfed5be2221

Linux/Linux a16d9b50cfbaf112401b8e5ccfa852709f498cd4 - cf9c7d783a2bf9305df4ef5b93d9063a52e18fca

Linux/Linux a16d9b50cfbaf112401b8e5ccfa852709f498cd4 - e83246ecd3b193f8d91fce778e8a5ba747fc7d8a

... and 1 more

Published May 21, 2024

Tracked Since Feb 18, 2026