CVE-2023-54300
CVE-2023-54300 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (9th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2023-60504
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx For the reasons also described in commit b383e8abed41 ("wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()"), ath9k_htc_rx_msg() should validate pkt_len before accessing the SKB. For example, the obtained SKB may have been badly constructed with pkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr but after being processed in ath9k_htc_rx_msg() and passed to ath9k_wmi_ctrl_rx() endpoint RX handler, it is expected to have a WMI command header which should be located inside its data payload. Implement sanity checking inside ath9k_wmi_ctrl_rx(). Otherwise, uninit memory can be referenced. Tested on Qualcomm Atheros Communications AR9271 802.11n . Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Frequently asked questions
- What is CVE-2023-54300?
- In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx For the reasons also described in commit b383e8abed41 ("wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()"), ath9k_htc_rx_msg() should validate pkt_len before accessing the SKB. For example, the obtained SKB may have been badly constructed with pkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr but after being processed in ath9k_htc_rx_msg() and passed to ath9k_wmi_ctrl_rx() endpoint RX handler, it is expected to have a WMI command header which should be located inside its data payload. Implement sanity checking inside ath9k_wmi_ctrl_rx(). Otherwise, uninit memory can be referenced. Tested on Qualcomm Atheros Communications AR9271 802.11n . Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
- Is CVE-2023-54300 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (9th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2023-54300?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2023-54300 have an EU (EUVD) identifier?
- Yes. CVE-2023-54300 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2023-60504.
- When was CVE-2023-54300 published?
- CVE-2023-54300 was published on 2025-12-30 and last updated on 2026-06-17.
References
- https://git.kernel.org/stable/c/0bc12e41af4e3ae1f0efecc377f0514459df0707
- https://git.kernel.org/stable/c/250efb4d3f5b32a115ea6bf25437ba44a1b3c04f
- https://git.kernel.org/stable/c/28259ce4f1f1f9ab37fa817756c89098213d2fc0
- https://git.kernel.org/stable/c/75acec91aeaa07375cd5f418069e61b16d39bbad
- https://git.kernel.org/stable/c/8ed572e52714593b209e3aa352406aff84481179
- https://git.kernel.org/stable/c/90e3c10177573b8662ac9858abd9bf731d5d98e0
- https://git.kernel.org/stable/c/ad5425e70789c29b93acafb5bb4629e4eb908296
- https://git.kernel.org/stable/c/d1c2ff2bd84c3692c9df267a2b991ce92bfca8ef
- https://git.kernel.org/stable/c/f24292e827088bba8de7158501ac25a59b064953