CVE-2023-52777

wifi: ath11k: fix gtk offload status event locking

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11k_mac_get_arvif_by_vdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0cf7577b6b3153b4b49deea9719fe43f96469c6d patch
https://git.kernel.org/stable/c/cf9c7d783a2bf9305df4ef5b93d9063a52e18fca patch
https://git.kernel.org/stable/c/e83246ecd3b193f8d91fce778e8a5ba747fc7d8a patch
https://git.kernel.org/stable/c/1dea3c0720a146bd7193969f2847ccfed5be2221 patch

Frequently Asked Questions

What is the severity of CVE-2023-52777?
CVE-2023-52777 has been scored as a high severity vulnerability.
How to fix CVE-2023-52777?
To fix CVE-2023-52777, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52777 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52777 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52777?
CVE-2023-52777 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.