Memory Corruption Vulnerability in the Linux Kernel's iwlwifi Driver
CVE-2023-53589
What is CVE-2023-53589?
The vulnerability in the Linux kernel's iwlwifi driver arises from improper handling of firmware responses, specifically the 'n_channels' field. When the firmware returns a corrupted Multiple Channel Capability (MCC) response, it can specify an 'n_channels' value larger than the response can actually hold. The driver then copies too much (uninitialized) memory, which risks system instability or a crash, especially if 'n_channels' is very large. The fix adds stringent checks on the response length, so that the driver validates firmware-supplied data before using it and avoids these runtime errors.
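The length check described above, as an added C sketch (not the kernel's or the driver's own code): the `mcc_resp` layout, `mcc_resp_copy` and the sample bytes are hypothetical and constructed for illustration, and the count is read in host byte order for simplicity.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified layout: a count followed by that many entries. */
struct mcc_resp {
    uint32_t n_channels;   /* claimed by the firmware: untrusted */
    uint32_t channels[];   /* entries that should follow the header */
};

/* Copies a response out of the receive buffer only if the claimed count
 * matches the bytes that arrived. Returns 0 and sets *out (caller frees),
 * -EINVAL on a bad length, -ENOMEM on allocation failure. */
int mcc_resp_copy(const uint8_t *payload, size_t payload_len,
                  struct mcc_resp **out)
{
    uint32_t n;
    size_t expected;

    *out = NULL;
    if (payload_len < sizeof(struct mcc_resp))
        return -EINVAL;                  /* header itself is truncated */
    memcpy(&n, payload, sizeof(n));      /* avoids unaligned access */

    /* Reject counts whose byte size would overflow size_t. */
    if ((size_t)n > (SIZE_MAX - sizeof(struct mcc_resp)) / sizeof(uint32_t))
        return -EINVAL;
    expected = sizeof(struct mcc_resp) + (size_t)n * sizeof(uint32_t);

    /* Strict check: without it the memcpy below reads past the payload. */
    if (expected != payload_len)
        return -EINVAL;

    *out = malloc(expected);
    if (!*out)
        return -ENOMEM;
    memcpy(*out, payload, expected);
    return 0;
}

int main(void)
{
    /* Constructed sample: header claims 65536 channels, 8 bytes follow. */
    uint8_t bad[12] = {0};
    uint32_t claimed = 65536;
    struct mcc_resp *r;
    memcpy(bad, &claimed, sizeof(claimed));
    printf("corrupted response -> %d\n", mcc_resp_copy(bad, sizeof(bad), &r));
    return 0;
}
```

An exact-equality comparison is this example's choice of a stringent check; it rejects both an oversized count and a response carrying unexplained trailing bytes.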
Affected Version(s)
Linux dcaf9f5ecb6f395152609bdc40660d9b593dca63
Linux dcaf9f5ecb6f395152609bdc40660d9b593dca63 < 05ad5a4d421ce65652fcb24d46b7e273130240d6