In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().
History

Wed, 11 Dec 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 08 Nov 2024 16:00:00 +0000


Tue, 22 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 22 Oct 2024 14:30:00 +0000


Thu, 08 Aug 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-02T21:52:34.966Z

Updated: 2024-12-19T08:21:33.879Z

Reserved: 2024-02-20T12:30:33.318Z

Link: CVE-2023-52530

cve-icon Vulnrichment

Updated: 2024-08-02T23:03:20.550Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-02T22:15:48.567

Modified: 2024-12-11T16:26:57.617

Link: CVE-2023-52530

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-02T00:00:00Z

Links: CVE-2023-52530 - Bugzilla