PT-2025-54146 · Linux+4 · Linux Kernel+4

Published: 2023-04-28 · Updated: 2026-03-24 · CVE-2023-54300

CVSS v2.0: 5.7 (Medium)

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel’s ath9k module related to handling wireless communication. Specifically, the issue involves referencing uninitialized memory within the ath9k_wmi_ctrl_rx endpoint when processing data received through the ath9k_htc_rx_msg function. This can occur if the received SKB (Socket Buffer) is improperly constructed, leading to an attempt to access memory that hasn't been initialized. The issue was identified through testing on a Qualcomm Atheros Communications AR9271 802.11n device using Syzkaller by the Linux Verification Center. The ath9k_wmi_ctrl_rx function does not validate the packet length (pkt_len) before accessing the SKB, potentially leading to the described memory access issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
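The missing length check from the description, shown as a user-space model. This is an added example, not the kernel's code or the upstream patch; the struct layouts, `rx_buf`, `ctrl_rx_unchecked`, `ctrl_rx_checked`, `demo` and the frame bytes are all hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts for illustration; not the driver's structures. */
struct frame_hdr { uint8_t endpoint, flags; uint16_t payload_len; uint8_t ctl[4]; };
struct cmd_hdr   { uint16_t command_id, seq_no; };
/* Stand-in for an SKB: storage is allocated, only `len` bytes were received. */
struct rx_buf { uint8_t data[64]; size_t len; };
enum { RX_OK = 0, RX_DROP = -1 };

/* Handler without the check: parses whatever follows the frame header. */
static int ctrl_rx_unchecked(const struct rx_buf *b, struct cmd_hdr *out)
{
    memcpy(out, b->data + sizeof(struct frame_hdr), sizeof(*out));
    return RX_OK;
}

/* Same handler, dropping frames too short to hold a command header. */
static int ctrl_rx_checked(const struct rx_buf *b, struct cmd_hdr *out)
{
    if (b->len < sizeof(struct frame_hdr) + sizeof(struct cmd_hdr))
        return RX_DROP;
    return ctrl_rx_unchecked(b, out);
}

/* Feed the first `received` (<= 12) bytes of a constructed frame to a handler. */
int demo(int checked, size_t received, uint16_t *command_id)
{
    static const uint8_t wire[12] = { 1, 0, 0, 4, 0, 0, 0, 0, 0x12, 0x12, 0, 1 };
    struct rx_buf b;
    struct cmd_hdr h = { 0, 0 };
    memset(b.data, 0xAA, sizeof(b.data));  /* 0xAA marks bytes never received */
    memcpy(b.data, wire, received);
    b.len = received;
    int rc = checked ? ctrl_rx_checked(&b, &h) : ctrl_rx_unchecked(&b, &h);
    *command_id = h.command_id;
    return rc;
}

int main(void)
{
    uint16_t id;
    int rc = demo(0, 8, &id);   /* frame header only, handler has no check */
    printf("unchecked: rc=%d command_id=0x%04x\n", rc, (unsigned)id);
    rc = demo(1, 8, &id);       /* same input, length validated first */
    printf("checked:   rc=%d command_id=0x%04x\n", rc, (unsigned)id);
    return 0;
}
```

With only the 8-byte frame header received, the unchecked handler reports success and returns a command ID built from the 0xAA filler, which models the stale-memory read; the checked handler drops the frame and leaves the output untouched.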

Exploit

Access of Uninitialized Pointer

Weakness Enumeration

Related Identifiers

BDU:2026-02428
CVE-2023-54300
RHSA-2023:6583
RHSA-2023:7077
SUSE-SU-2026:0263-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Ar9271
Centos
Linux Kernel
Red Hat
Ath9K