CVE-2023-52530

{"id": "CVE-2023-52530", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-03-02T22:15:48.567", "references": [{"url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: soluciona el posible Use After Free de la clave Cuando ieee80211_key_link() es llamado por ieee80211_gtk_rekey_add() pero devuelve 0 debido a la protecci\u00f3n KRACK (reinstalaci\u00f3n de clave id\u00e9ntica), ieee80211_gtk_rekey_add() a\u00fan devolver\u00e1 un puntero a la clave, en un posible Use After Free. Esto normalmente no sucede ya que iwlwifi solo lo llama en caso de descarga de recodificaci\u00f3n de WoWLAN, que tiene su propia protecci\u00f3n KRACK, pero a\u00fan es mejor solucionarlo, h\u00e1galo devolviendo un c\u00f3digo de error y convirti\u00e9ndolo en exitoso solo en el l\u00edmite cfg80211, dejando el error para personas que llaman mal de ieee80211_gtk_rekey_add()."}], "lastModified": "2024-12-11T16:26:57.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DF14889-9C7C-4838-BC5F-95C61573BF58", "versionEndExcluding": "5.4.285", "versionStartIncluding": "4.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F39ABFAE-F845-49CA-BA9D-67206E6DD28F", "versionEndExcluding": "5.10.288", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F", "versionEndExcluding": "5.15.169", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8629E5D1-351D-4D4B-8D05-E10BD4A1CFD0", "versionEndExcluding": "6.1.57", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B", "versionEndExcluding": "6.5.7", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}