Memory Corruption Vulnerability in Linux Kernel's iwlwifi Driver
CVE-2023-53589

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 October 2025

What is CVE-2023-53589?

The vulnerability in the Linux kernel's iwlwifi driver arises from improper handling of firmware responses, specifically the 'n_channels' parameter. When the firmware returns a corrupted Multiple Channel Capability (MCC) response, it can specify an 'n_channels' value that exceeds the expected limit. The driver then copies excessive uninitialized memory, which risks system instability or a crash, especially if the value of 'n_channels' is significantly large. The fix adds stringent checks on response lengths, so that firmware data is validated before use and runtime errors are avoided.
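The length check described above, as an added user-space C example (not the kernel's code or the actual patch). The struct layout, host byte order, and the names `mcc_resp`, `mcc_resp_dup_checked` and `demo_check` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout (not the driver's struct): fixed header followed by
 * n_channels 32-bit entries, fields in host byte order for simplicity. */
struct mcc_resp {
    uint32_t status;
    uint32_t n_channels;
    uint32_t channels[];
};

/* Duplicate a response only if the declared count fits the bytes received. */
struct mcc_resp *mcc_resp_dup_checked(const uint8_t *payload, size_t len)
{
    uint32_t n;
    size_t need;
    struct mcc_resp *copy;

    if (len < sizeof(struct mcc_resp))
        return NULL; /* fixed header itself is truncated */
    memcpy(&n, payload + offsetof(struct mcc_resp, n_channels), sizeof(n));
    /* Compare by division so n * sizeof(entry) cannot overflow. */
    if (n > (len - sizeof(struct mcc_resp)) / sizeof(uint32_t))
        return NULL; /* n_channels claims more than was received */
    need = sizeof(struct mcc_resp) + (size_t)n * sizeof(uint32_t);
    copy = malloc(need);
    if (copy)
        memcpy(copy, payload, need);
    return copy;
}

/* Constructed input: header claims `claimed` entries, buffer holds `actual`.
 * Returns 1 if accepted, 0 if rejected, -1 on bad arguments. */
int demo_check(uint32_t claimed, uint32_t actual)
{
    uint8_t buf[sizeof(struct mcc_resp) + 16 * sizeof(uint32_t)] = {0};
    struct mcc_resp *r;
    int ok;

    if (actual > 16)
        return -1;
    memcpy(buf + offsetof(struct mcc_resp, n_channels), &claimed, sizeof(claimed));
    r = mcc_resp_dup_checked(buf, sizeof(struct mcc_resp) + actual * sizeof(uint32_t));
    ok = (r != NULL);
    free(r);
    return ok;
}

int main(void) { return (demo_check(4, 4) == 1 && demo_check(400, 4) == 0) ? 0 : 1; }
```

Without the comparison against `len`, the copy size would be driven entirely by the firmware-supplied count, which is the condition the CVE description names.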

Affected Version(s)

Linux dcaf9f5ecb6f395152609bdc40660d9b593dca63

Linux dcaf9f5ecb6f395152609bdc40660d9b593dca63 < 05ad5a4d421ce65652fcb24d46b7e273130240d6

Timeline

  • Vulnerability published

  • Vulnerability Reserved
