CVE-2023-52594

Updated: 2025-08-20 02:22:17.249126

Description:

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case. Found by a modified version of syzkaller. UBSAN: array-index-out-of-bounds in htc_drv_txrx.c index 13 is out of range for type '__wmi_event_txstatus [12]' Call Trace: ath9k_htc_txstatus ath9k_wmi_event_tasklet tasklet_action_common __do_softirq irq_exit_rxu sysvec_apic_timer_interrupt


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1743193221 2024-08-01 14:33:49
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1761139764 2025-11-10 19:51:05
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1759431860 2025-10-16 00:04:44
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2026:1771078945 2026-02-14 21:39:22
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2026:1771077729 2026-02-14 21:39:24
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Already Fixed 2024-06-09 14:19:19
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Ignored 2025-09-23 11:24:12 Postponed until request or high risk detected
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1761074747 2025-10-21 22:30:23
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1759431869 2025-10-02 23:04:03
RHEL 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1759432250 2025-10-02 23:04:30
Total: 13