PT-2025-40231 · Linux+1 · Linux Kernel+1

Published: 2023-04-14 · Updated: 2025-10-23 · CVE-2023-53524

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An integer overflow occurs in the iwl_write_to_user_buf() function, which is called by the iwl_dbgfs_monitor_data_read() function. If a SIZE_MAX value is passed to the count parameter, a negative value is assigned to buf_size_left, leading to a heap overflow when used as an argument in the copy_to_user function. This issue is present in a debugfs operation with 0400 privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
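
The length arithmetic from the Description, modelled in user space as an added example (this is not the kernel's code). The function names len_signed and len_checked, the use of long for the signed remaining-length variable, and the 4096-byte buffer are assumptions made for illustration.

```c
/* Added illustration, not kernel source: how a size_t count of SIZE_MAX
 * turns into an oversized copy length when the remaining-space variable
 * is signed, next to a form that keeps the arithmetic unsigned. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern: the remaining space is held in a signed type (assumed). */
size_t len_signed(size_t count, size_t copied, long avail)
{
    long size = avail;
    /* Out-of-range unsigned-to-signed conversion; wraps to -1 on gcc/clang. */
    long buf_size_left = (long)(count - copied);

    if (size > buf_size_left)   /* signed compare: the negative value wins */
        size = buf_size_left;
    /* Copy routines take an unsigned length, so -1 becomes SIZE_MAX here. */
    return (size_t)size;
}

/* Hardened pattern: unsigned throughout, result never exceeds avail. */
size_t len_checked(size_t count, size_t copied, size_t avail)
{
    if (copied >= count)        /* nothing left to give the caller */
        return 0;
    size_t left = count - copied;
    return avail < left ? avail : left;
}

int main(void)
{
    size_t avail = 4096;        /* constructed sample: bytes actually buffered */

    printf("signed,  count=SIZE_MAX: %zu\n", len_signed(SIZE_MAX, 0, (long)avail));
    printf("checked, count=SIZE_MAX: %zu\n", len_checked(SIZE_MAX, 0, avail));
    printf("checked, count=100:      %zu\n", len_checked(100, 0, avail));
    return 0;
}
```

The signed variant returns a length far larger than the 4096 bytes available, which is the condition the Description ties to the heap overflow; the checked variant clamps to the data actually held.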

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-16231
CVE-2023-53524
RHSA-2023:6583
RHSA-2023:7077
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1

Affected Products

Linux Kernel
Suse