DEBIAN-CVE-2023-53717

Published: 22 Oct 2025, 14:15
Last modified: 28 Apr 2026, 20:27

Vulnerability Summary

  • Overall Risk (default): minimal (0/100)
  • CVSS Score: No data
  • EPSS Score: No data
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected


Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()

Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred.

Found by a modified version of syzkaller.

BUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx
Write of size 4
Call Trace:
 memcpy
 ath9k_wmi_ctrl_rx
 ath9k_htc_rx_msg
 ath9k_hif_usb_reg_in_cb
 __usb_hcd_giveback_urb
 usb_hcd_giveback_urb
 dummy_timer
 call_timer_fn
 run_timer_softirq
 __do_softirq
 irq_exit_rcu
 sysvec_apic_timer_interrupt

Affected Systems

  • debianlinux

    < 5.10.178-1 | < 6.1.20-1 | < 6.1.20-1 | < 6.1.20-1
