PT-2024-14740 · Linux+7 · Linux Kernel+7

Published

2023-10-25

Updated

2025-09-29

CVE-2023-52777

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the wifi: ath11k: fix gtk offload status event locking in the Linux kernel. The ath11k active pdevs are protected by RCU, but the gtk offload status event handling code calling ath11k mac get arvif by vdev id() was not marked as a read-side critical section. This could lead to potential use-after-free issues. The code in question has been marked as an RCU read-side critical section to avoid these issues.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:5101

ALSA-2024:5102

ALSA-2025_16880

BDU:2025-07483

CESA-2024_5101

CESA-2024_5102

CVE-2023-52777

INFSA-2024_5101

INFSA-2024_5102

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024_5101

RHSA-2024_5102

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:5101

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

PT-2024-14740 · Linux+7 · Linux Kernel+7

CVE-2023-52777

Weakness Enumeration

Related Identifiers

Affected Products

References · 2973