PT-2025-49713 · Hostap+3 · Hostapd+3

Published 2023-01-01 · Updated 2026-04-20 · CVE-2023-53822

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the ath11k driver in how the datapath (dp) handles fragmented packets from an uninitialized peer. When the maximum number of virtual access point (AP) interfaces is configured across all bands with Access Control System (ACS) enabled, and hostapd is restarted frequently (every 60 seconds), a crash can occur. It happens when a fragmented packet is received for a self-peer whose rx_tid and rx_frags are not initialized. Processing this fragment walks an uninitialized rx_frags list, which leads to a null pointer dereference in the ath11k_dp_rx_h_sort_frags function. The fix checks a dp_setup_done flag before processing received fragments, which ensures the peer has completed its datapath peer setup for the fragment queue. If the flag is not set, the fragments are ignored.
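The guard described above, as an added user-space model in C (not the kernel patch or ath11k code). The names `struct peer`, `peer_dp_setup`, `sort_frag_insert`, `rx_frag` and `frag_at` are hypothetical; only the `dp_setup_done` flag and the per-TID fragment queue come from the description.

```c
#include <stdbool.h>

#define MAX_TID 4                       /* constructed size for this model */
enum { FRAG_QUEUED = 0, FRAG_DROPPED = -1 };

/* Ring node; each queue head is a sentinel of the same type (sk_buff_head style). */
struct frag { struct frag *next, *prev; unsigned int frag_no; };
struct peer {
    struct frag rx_frags[MAX_TID];      /* per-TID fragment queue heads */
    bool dp_setup_done;                 /* set only after the queues are valid */
};

/* Models datapath peer setup: make every queue an empty ring, then set the flag. */
static void peer_dp_setup(struct peer *p) {
    for (int i = 0; i < MAX_TID; i++)
        p->rx_frags[i].next = p->rx_frags[i].prev = &p->rx_frags[i];
    p->dp_setup_done = true;
}

/* Insert in ascending fragment order. On a zeroed, never-set-up head,
 * head->next is NULL and pos->frag_no below is the null dereference. */
static void sort_frag_insert(struct frag *head, struct frag *nf) {
    struct frag *pos = head->next;
    while (pos != head && pos->frag_no < nf->frag_no)
        pos = pos->next;
    nf->next = pos;
    nf->prev = pos->prev;
    pos->prev->next = nf;
    pos->prev = nf;
}

/* Fragment receive path: ignore fragments until peer setup has completed. */
static int rx_frag(struct peer *p, unsigned int tid, struct frag *nf) {
    if (tid >= MAX_TID || !p->dp_setup_done)
        return FRAG_DROPPED;
    sort_frag_insert(&p->rx_frags[tid], nf);
    return FRAG_QUEUED;
}

/* Fragment number at position idx of a TID queue, or -1 if there is none. */
static int frag_at(const struct peer *p, unsigned int tid, int idx) {
    const struct frag *head = &p->rx_frags[tid], *f = head->next;
    while (f && f != head && idx-- > 0)
        f = f->next;
    return (f && f != head) ? (int)f->frag_no : -1;
}
```

Removing the `dp_setup_done` test from `rx_frag` and passing a zero-initialized `struct peer` reproduces the crash class in this model: `sort_frag_insert` dereferences the NULL `head->next`.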
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-53822

Affected Products

Debian
Linux Kernel
Ath11K
Hostapd