CVE-2023-53589

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the iwlwifi mvm module where it incorrectly trusts the number of channels (n channels) reported by the firmware. A corrupted response from the firmware with an excessively large n channels value can lead to out-of-bounds memory access during the copy operation of the firmware response, potentially causing a system crash. The issue arises because the code does not adequately validate the length of the firmware response before copying data into a buffer allocated for it.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-824

Related Identifiers

BDU:2026-04421

CVE-2023-53589

SUSE-SU-2025:4111-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4320-1

Affected Products

Linux Kernel

Suse

CVE-2023-53589

Weakness Enumeration

Related Identifiers

Affected Products

References · 618