PT-2025-49645 · Mt7921+6

Published 2023-07-25 · Updated 2026-04-20 · CVE-2023-53785

CVSS v2.0 6.0 Medium

Vector AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the mt76 and mt7921 components related to SDIO header handling. Specifically, the mt7921_usb_sdio_tx_prepare_skb() function does not adequately ensure sufficient headroom in skb (socket buffer) structures when preparing data for transmission. This can lead to kernel panics when bridging an MT7921AU-based USB 802.11ax interface with an Ethernet interface, particularly on systems where the receiving network device leaves limited headroom in received skbs. The issue arises from blindly prepending bytes to an skb without verifying available space. The fix involves a call to skb_cow_head() to guarantee sufficient headroom for SDIO headers. Exploitation can be triggered by bridging the affected interface, and has been observed on Raspberry Pi OS Lite and Intel Atom-based systems.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
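
The headroom problem from the description, as an added userspace C example (not the kernel patch and not the mt76 driver's code). The toy_skb type, its helpers and the 8-byte header length are constructed for illustration, and toy_cow_head() only models the guarantee that skb_cow_head() gives before a header is prepended.

```c
#include <stdlib.h>
#include <string.h>

#define TOY_HDR_LEN 8  /* constructed size, not the driver's real header length */
/* Userspace model of an skb: [head, data) is headroom, then len packet bytes. */
struct toy_skb { unsigned char *head, *data; size_t len; };

static size_t toy_headroom(const struct toy_skb *s) { return (size_t)(s->data - s->head); }

static int toy_alloc(struct toy_skb *s, size_t headroom, const void *pkt, size_t len)
{
    if (!(s->head = malloc(headroom + len + 1))) return -1;
    s->data = s->head + headroom;
    s->len = len;
    memcpy(s->data, pkt, len);
    return 0;
}

/* Unchecked pattern: a blind prepend of n bytes would move data below head. */
static int toy_blind_push_underruns(const struct toy_skb *s, size_t n) { return toy_headroom(s) < n; }

/* Plays the role of skb_cow_head(): guarantee n bytes of headroom, moving the
 * packet into a larger buffer when the current one is too tight. */
static int toy_cow_head(struct toy_skb *s, size_t n)
{
    unsigned char *nh;
    if (toy_headroom(s) >= n) return 0;
    if (!(nh = malloc(n + s->len + 1))) return -1;
    memcpy(nh + n, s->data, s->len);
    free(s->head);
    s->head = nh; s->data = nh + n;
    return 0;
}

/* Fixed pattern: secure the headroom first, then prepend the header. */
static int toy_prepend_hdr(struct toy_skb *s, const unsigned char *hdr, size_t n)
{
    if (toy_cow_head(s, n)) return -1;  /* propagate failure, never push blind */
    s->data -= n; s->len += n;
    memcpy(s->data, hdr, n);
    return 0;
}

int main(void)
{
    struct toy_skb s; const unsigned char hdr[TOY_HDR_LEN] = {0};
    if (toy_alloc(&s, 2, "frame", 5) || !toy_blind_push_underruns(&s, TOY_HDR_LEN)) return 1;
    return toy_prepend_hdr(&s, hdr, TOY_HDR_LEN);
}
```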

Exploit

Weakness Enumeration

Improper Resource Release

Related Identifiers

BDU:2026-01270
CVE-2023-53785
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Debian
Intel Atom
Linux Kernel
MT7921AU
Raspberry Pi OS Lite
Mt76
Mt7921