CVE-2023-53180

MEDIUM

Linux Kernel 6.3-6.4.7 - NULL Pointer Dereference in ath12k Management Transmit Cleanup

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid NULL pointer access during management transmit cleanup Currently 'ar' reference is not added in skb_cb. Though this is generally not used during transmit completion callbacks, on interface removal the remaining idr cleanup callback uses the ar pointer from skb_cb from management txmgmt_idr. Hence fill them during transmit call for proper usage to avoid NULL pointer dereference. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/7382d02160ef93c806fe1c1d4ef1fec445266747

Patch

https://git.kernel.org/stable/c/054b5580a36e435692c203c19abdcb9f7734320e

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 2.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (7)

Linux/Linux < 6.3

Linux/Linux 6.3

Linux/Linux 6.4.7 - 6.4.*

Linux/Linux 6.5

Linux/Linux d889913205cf7ebda905b1e62c5867ed4e39f6c2 - 054b5580a36e435692c203c19abdcb9f7734320e

Linux/Linux d889913205cf7ebda905b1e62c5867ed4e39f6c2 - 7382d02160ef93c806fe1c1d4ef1fec445266747

linux/linux_kernel 6.3 - 6.4.7

Published Sep 15, 2025

Tracked Since Feb 18, 2026