#VU91388 Out-of-bounds read in Linux kernel - CVE-2023-52827

Cybersecurity Help s.r.o.

Published: 2024-06-08 | Updated: 2025-05-13

Vulnerability identifier: #VU91388

Vulnerability risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52827

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to read data or crash the application.

The vulnerability exists due to an out-of-bounds read error within the ath12k_htt_pull_ppdu_stats() function in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can read data or crash the application.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.5, 6.5 rc1, 6.5 rc5, 6.5 rc7, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.5.11, 6.5.12, 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.7 rc1, 6.7 rc2, 6.7 rc3, 6.7 rc5, 6.7 rc6, 6.7 rc7

External links
https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57
https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c
https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Out-of-bounds read in Linux kernel ath ath12k driver