CVE-2023-53554
BaseFortify
Publication date: 2025-10-04
Last updated on: 2026-03-23
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | From 4.15 (inc) to 4.19.291 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.4.8 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.43 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.124 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.190 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.253 (exc) |
| linux | linux_kernel | From 4.12 (inc) to 4.14.322 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential buffer overflow in the Linux kernel's ks7010 wireless driver, specifically in the function ks_wlan_set_encode_ext(). The key length (exc->key_len) is a 16-bit unsigned integer supplied by the user, so it can exceed the maximum allowed size (IW_ENCODING_TOKEN_MAX, which is 64). A key length larger than this limit can cause memory corruption.
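The length check this class of bug calls for, as an added userspace C model that is not the ks7010 driver's code or the upstream patch. The struct layouts, the `model_` names, the guard bytes and the `-EINVAL` return value are assumptions made for illustration; only the 16-bit `key_len` and the limit of 64 come from the description above.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define IW_ENCODING_TOKEN_MAX 64   /* limit named in the description above */

/* Hypothetical stand-in for the user-supplied request. */
struct model_encode_ext {
    uint16_t key_len;              /* user-controlled: 0..65535 */
    const uint8_t *key;
};

/* Hypothetical stand-in for the driver's key storage. */
struct model_key_slot {
    uint8_t key_val[IW_ENCODING_TOKEN_MAX];
    uint8_t guard[8];              /* models data that follows the buffer */
    uint16_t key_len;
};

/* Validate the length before copying; without this check the memcpy
 * below would write up to 65535 bytes into a 64-byte array. */
int model_set_key(struct model_key_slot *slot,
                  const struct model_encode_ext *req)
{
    if (req->key_len > IW_ENCODING_TOKEN_MAX)
        return -EINVAL;            /* error code is this example's choice */
    memcpy(slot->key_val, req->key, req->key_len);
    slot->key_len = req->key_len;
    return 0;
}

/* Constructed sample input: submit one request of the given length.
 * Returns the setter's result, or 1 if the guard bytes were modified. */
int model_try(uint16_t key_len)
{
    static const uint8_t sample_key[IW_ENCODING_TOKEN_MAX] = { 0x11 };
    struct model_key_slot slot;
    struct model_encode_ext req = { key_len, sample_key };
    uint8_t expect[sizeof(slot.guard)];

    memset(&slot, 0, sizeof(slot));
    memset(slot.guard, 0xA5, sizeof(slot.guard));
    memset(expect, 0xA5, sizeof(expect));
    int rc = model_set_key(&slot, &req);
    return memcmp(slot.guard, expect, sizeof(expect)) ? 1 : rc;
}
```

The boundary matters: a length of exactly 64 is valid and fills the buffer, while 65 and every larger value up to 65535 must be rejected before the copy runs.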
How can this vulnerability impact me?
If exploited, this buffer overflow vulnerability could lead to memory corruption in the Linux kernel. This may result in system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges, compromising the security and reliability of the affected system.