CVE-2023-52530 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc4::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.107.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:3859	2024-06-12T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.107.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:3859	2024-06-12T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.107.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:3859	2024-06-12T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.64.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:4740	2024-07-23T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09
https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36
https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b
https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d
https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0
https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022
https://lore.kernel.org/linux-cve-announce/2024030255-CVE-2023-52530-ebf0@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2023-52530
https://www.cve.org/CVERecord?id=CVE-2023-52530

History

Wed, 11 Dec 2024 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.6:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.6:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.6:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.6:rc4::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09

Tue, 22 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0 https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022

Thu, 08 Aug 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-02T21:52:34.966Z

Updated: 2025-05-04T12:49:12.815Z

Reserved: 2024-02-20T12:30:33.318Z

Link: CVE-2023-52530

Vulnrichment

Updated: 2024-08-02T23:03:20.550Z

NVD

Status : Analyzed

Published: 2024-03-02T22:15:48.567

Modified: 2024-12-11T16:26:57.617

Link: CVE-2023-52530

Redhat

Severity : Moderate

Publid Date: 2024-03-02T00:00:00Z

Links: CVE-2023-52530 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52530", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.318Z", "datePublished": "2024-03-02T21:52:34.966Z", "dateUpdated": "2025-05-04T12:49:12.815Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:49:12.815Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/cfg.c", "net/mac80211/key.c"], "versions": [{"version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "2408f491ff998d674707725eadc47d8930aced09", "status": "affected", "versionType": "git"}, {"version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "e8e599a635066c50ac214c3e10858f1d37e03022", "status": "affected", "versionType": "git"}, {"version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0", "status": "affected", "versionType": "git"}, {"version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "2f4e16e39e4f5e78248dd9e51276a83203950b36", "status": "affected", "versionType": "git"}, {"version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "65c72a7201704574dace708cbc96a8f367b1491d", "status": "affected", "versionType": "git"}, {"version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "31db78a4923ef5e2008f2eed321811ca79e7f71b", "status": "affected", "versionType": "git"}, {"version": "ef810e7c3d2a8fb3bbd23726599c487c30ea747e", "status": "affected", "versionType": "git"}, {"version": "a0a8a11d1630cd648dc1ce86da620b4e240e0315", "status": "affected", "versionType": "git"}, {"version": "6891c6fd2a500d1f39d1426765f610bdc2c2a39d", "status": "affected", "versionType": "git"}, {"version": "003aa22c9619b49efe950aca3aebd1235a04940d", "status": "affected", "versionType": "git"}, {"version": "6440f0ee8a1779f53526bccb9de00914daeb9094", "status": "affected", "versionType": "git"}, {"version": "2586fa0007dc6b7745da14250be7e3aae706b128", "status": "affected", "versionType": "git"}, {"version": "a9ab1b2e30e898440a22d7b1d7a5b0b7c6a8791f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/cfg.c", "net/mac80211/key.c"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.228", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.169", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.57", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.7", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.4.285"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.10.228"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.15.169"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.1.57"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.5.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16.50"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18.82"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1.47"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.99"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.63"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09"}, {"url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022"}, {"url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0"}, {"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"}], "title": "wifi: mac80211: fix potential key use-after-free", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-21T16:13:28.190835Z", "id": "CVE-2023-52530", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T16:13:37.206Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.550Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.550Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52530", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-21T16:13:28.190835Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T16:13:33.881Z"}}], "cna": {"title": "wifi: mac80211: fix potential key use-after-free", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "2408f491ff998d674707725eadc47d8930aced09", "versionType": "git"}, {"status": "affected", "version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "e8e599a635066c50ac214c3e10858f1d37e03022", "versionType": "git"}, {"status": "affected", "version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0", "versionType": "git"}, {"status": "affected", "version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "2f4e16e39e4f5e78248dd9e51276a83203950b36", "versionType": "git"}, {"status": "affected", "version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "65c72a7201704574dace708cbc96a8f367b1491d", "versionType": "git"}, {"status": "affected", "version": "fdf7cb4185b60c68e1a75e61691c4afdc15dea0e", "lessThan": "31db78a4923ef5e2008f2eed321811ca79e7f71b", "versionType": "git"}, {"status": "affected", "version": "ef810e7c3d2a8fb3bbd23726599c487c30ea747e", "versionType": "git"}, {"status": "affected", "version": "a0a8a11d1630cd648dc1ce86da620b4e240e0315", "versionType": "git"}, {"status": "affected", "version": "6891c6fd2a500d1f39d1426765f610bdc2c2a39d", "versionType": "git"}, {"status": "affected", "version": "003aa22c9619b49efe950aca3aebd1235a04940d", "versionType": "git"}, {"status": "affected", "version": "6440f0ee8a1779f53526bccb9de00914daeb9094", "versionType": "git"}, {"status": "affected", "version": "2586fa0007dc6b7745da14250be7e3aae706b128", "versionType": "git"}, {"status": "affected", "version": "a9ab1b2e30e898440a22d7b1d7a5b0b7c6a8791f", "versionType": "git"}], "programFiles": ["net/mac80211/cfg.c", "net/mac80211/key.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.14"}, {"status": "unaffected", "version": "0", "lessThan": "4.14", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.285", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.228", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.169", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.57", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.7", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mac80211/cfg.c", "net/mac80211/key.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09"}, {"url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022"}, {"url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0"}, {"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add()."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.285", "versionStartIncluding": "4.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.228", "versionStartIncluding": "4.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.169", "versionStartIncluding": "4.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.57", "versionStartIncluding": "4.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.5.7", "versionStartIncluding": "4.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6", "versionStartIncluding": "4.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.2.95"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.16.50"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.18.82"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.1.47"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.4.99"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.9.63"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.13.14"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:49:12.815Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52530", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:49:12.815Z", "dateReserved": "2024-02-20T12:30:33.318Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:34.966Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DF14889-9C7C-4838-BC5F-95C61573BF58", "versionEndExcluding": "5.4.285", "versionStartIncluding": "4.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F39ABFAE-F845-49CA-BA9D-67206E6DD28F", "versionEndExcluding": "5.10.288", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F", "versionEndExcluding": "5.15.169", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8629E5D1-351D-4D4B-8D05-E10BD4A1CFD0", "versionEndExcluding": "6.1.57", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B", "versionEndExcluding": "6.5.7", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: soluciona el posible Use After Free de la clave Cuando ieee80211_key_link() es llamado por ieee80211_gtk_rekey_add() pero devuelve 0 debido a la protecci\u00f3n KRACK (reinstalaci\u00f3n de clave id\u00e9ntica), ieee80211_gtk_rekey_add() a\u00fan devolver\u00e1 un puntero a la clave, en un posible Use After Free. Esto normalmente no sucede ya que iwlwifi solo lo llama en caso de descarga de recodificaci\u00f3n de WoWLAN, que tiene su propia protecci\u00f3n KRACK, pero a\u00fan es mejor solucionarlo, h\u00e1galo devolviendo un c\u00f3digo de error y convirti\u00e9ndolo en exitoso solo en el l\u00edmite cfg80211, dejando el error para personas que llaman mal de ieee80211_gtk_rekey_add()."}], "id": "CVE-2023-52530", "lastModified": "2024-12-11T16:26:57.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-02T22:15:48.567", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:3859", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.107.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-06-12T00:00:00Z"}, {"advisory": "RHSA-2024:3859", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.107.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-06-12T00:00:00Z"}, {"advisory": "RHSA-2024:3859", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.107.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-06-12T00:00:00Z"}, {"advisory": "RHSA-2024:4740", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.64.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-07-23T00:00:00Z"}], "bugzilla": {"description": "kernel: wifi: mac80211: fix potential key use-after-free", "id": "2267787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267787"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: mac80211: fix potential key use-after-free\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add().", "A use-after-free flaw was found\u00a0in the Linux kernel\u2019s IEEE 802.11 networking stack implementation functionality, used by Wifi, in how a user triggers the error path of the ieee80211_gtk_rekey_add function. This flaw allows a local user to crash the system."], "name": "CVE-2023-52530", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52530\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52530\nhttps://lore.kernel.org/linux-cve-announce/2024030255-CVE-2023-52530-ebf0@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 9 is not affected by this vulnerability.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object