DEBIAN-CVE-2023-53315

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53315

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53315.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53315

Upstream

CVE-2023-53315

Published

2025-09-16T17:15:37Z

Modified

2025-09-30T05:16:23.453622Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix SKB corruption in REO destination ring While running traffics for a long time, randomly an RX descriptor filled with value "0" from REO destination ring is received. This descriptor which is invalid causes the wrong SKB (SKB stored in the IDR lookup with buffer id "0") to be fetched which in turn causes SKB memory corruption issue and the same leads to crash after some time. Changed the start id for idr allocation to "1" and the buffer id "0" is reserved for error validation. Introduced Sanity check to validate the descriptor, before processing the SKB. Crash Signature : Unable to handle kernel paging request at virtual address 3f004900 PC points to "b15dmainvrange+0x30/0x50" LR points to "dmacachemaintpage+0x8c/0x128". The Backtrace obtained is as follows: [<8031716c>] (b15dmainvrange) from [<80313a4c>] (dmacachemaintpage+0x8c/0x128) [<80313a4c>] (dmacachemaintpage) from [<80313b90>] (dmapagedevtocpu+0x28/0xcc) [<80313b90>] (dmapagedevtocpu) from [<7fb5dd68>] (ath11kdpprocessrx+0x1e8/0x4a4 [ath11k]) [<7fb5dd68>] (ath11kdpprocessrx [ath11k]) from [<7fb53c20>] (ath11kdpservicesrng+0xb0/0x2ac [ath11k]) [<7fb53c20>] (ath11kdpservicesrng [ath11k]) from [<7f67bba4>] (ath11kpciextgrpnapipoll+0x1c/0x78 [ath11kpci]) [<7f67bba4>] (ath11kpciextgrpnapipoll [ath11kpci]) from [<807d5cf4>] (napipoll+0x28/0xb8) [<807d5cf4>] (napipoll) from [<807d5f28>] (netrxaction+0xf0/0x280) [<807d5f28>] (netrxaction) from [<80302148>] (dosoftirq+0xd0/0x280) [<80302148>] (dosoftirq) from [<80320408>] (irqexit+0x74/0xd4) [<80320408>] (irqexit) from [<803638a4>] (handledomainirq+0x90/0xb4) [<803638a4>] (handledomainirq) from [<805bedec>] (gichandleirq+0x58/0x90) [<805bedec>] (gichandleirq) from [<80301a78>] (irqsvc+0x58/0x8c) Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

References

https://security-tracker.debian.org/tracker/CVE-2023-53315

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.191-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

5.10.178-1

5.10.178-2

5.10.178-3

5.10.179-1

5.10.179-2

5.10.179-3

5.10.179-4

5.10.179-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.37-1

Affected versions

6.*

6.1.27-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}