PT-2024-14653 · Amlogic+4 · Amlogic A311D+4
Lukas F. Hartmann · Published 2023-12-01 · Updated 2025-03-10
CVE-2023-52611
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue relates to the Linux kernel change "wifi: rtw88: sdio: Honor the host max_req_size in the RX path". Lukas reported skb_over_panic errors on his Banana Pi BPI-CM4, which comes with an Amlogic A311D (G12B) SoC and an RTL8822CS SDIO wifi/Bluetooth combo card. The error is identical to one fixed in a previous commit, but that commit did not fix Lukas' problem.

The Amlogic A311D (G12B) SoC has a hardware bug in its SDIO controller that prevents DMA transfers and limits transfers to 1536 bytes. The rtw88 chips do not split incoming packets: if a big packet is received, it is forwarded to the host in its original form. The chips can also do RX aggregation, which allows the host to pull multiple incoming packets from the card with one MMC/SDIO transfer. This depends on settings in the REG_RXDMA_AGG_PG_TH register.

To resolve the issue, rtw_sdio_read_port() uses multiple consecutive reads, and the number of bytes the host copies from the card in one MMC/SDIO transfer is limited. On receive errors, the remaining data must be drained from the card's buffer; otherwise the card returns corrupt data.
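The read strategy described above, modeled in user space as an added example (this is not the kernel driver's code). `sim_card`, `sim_transfer`, `read_port_chunked` and `demo` are hypothetical names, the 4000-byte buffer is constructed, and the model assumes the card's buffer advances even when a transfer reports an error.

```c
#include <stddef.h>
#include <string.h>

#define SIM_EILSEQ 84 /* stand-in for the kernel's EILSEQ */
/* Hypothetical model of the card's RX buffer, not a kernel structure. */
struct sim_card {
    const unsigned char *fifo; /* constructed data waiting on the card */
    size_t pos;                /* bytes pulled by the host so far */
    size_t fail_at;            /* index of the transfer that fails */
    size_t transfers, largest; /* transfers issued, largest one requested */
};

/* One simulated MMC/SDIO transfer; the card's buffer advances even on error. */
static int sim_transfer(struct sim_card *c, unsigned char *dst, size_t n)
{
    int failed = (c->transfers++ == c->fail_at);
    c->largest = n > c->largest ? n : c->largest;
    if (!failed)
        memcpy(dst, c->fifo + c->pos, n);
    c->pos += n;
    return failed ? -SIM_EILSEQ : 0;
}

/* Consecutive reads of at most max_req_size bytes; an error is kept, draining continues. */
static int read_port_chunked(struct sim_card *c, unsigned char *buf,
                             size_t count, size_t max_req_size)
{
    int ret = 0;
    while (count > 0) {
        size_t bytes = count < max_req_size ? count : max_req_size;
        int err = sim_transfer(c, buf, bytes);
        if (err)
            ret = err; /* caller must treat buf as short/corrupt */
        count -= bytes;
        buf += bytes;
    }
    return ret;
}

/* Constructed case: 4000-byte aggregate, 1536-byte host limit. */
static unsigned char sample[4000], rx[4000];
static struct sim_card last;
static int demo(size_t fail_at)
{
    memset(sample, 0xA5, sizeof(sample));
    last = (struct sim_card){ sample, 0, fail_at, 0, 0 };
    return read_port_chunked(&last, rx, sizeof(rx), 1536);
}

int main(void) { return demo((size_t)-1) != 0; }
```

With no failing transfer the 4000 bytes arrive in three transfers of at most 1536 bytes each. With the second transfer failing, the error is returned but `last.pos` still reaches 4000, so the next read starts on a fresh buffer.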
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Amlogic A311D
Linux Mint
RTL8822CS
RED OS
Ubuntu