CVE-2023-7042

MEDIUM

Linux Kernel - Denial of Service via Null Pointer Dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev

Title source: llm

Description

A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.

References (7)

Core 7

Core References

Mailing List, Patch

https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/54PLF5J33IRSLSR4UU6LQSMXX6FI5AOQ/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/C25BK2YH5MZ6VNQXKF2NAJBTGXVEPKGC/

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-7042

Issue Tracking, Patch, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2255497

Scores

CVSS v3 4.4

EPSS 0.0028

EPSS Percentile 19.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

linux/linux_kernel

Published Dec 21, 2023

Tracked Since Feb 18, 2026