CVE-2023-53822
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenario, a fragmented packet is received for self peer, for which rx_tid and rx_frags are not initialized in datapath. While handling this fragment, crash is observed as the rx_frag list is uninitialised and when we walk in ath11k_dp_rx_h_sort_frags, skb null leads to exception. To address this, before processing received fragments we check dp_setup_done flag is set to ensure that peer has completed its dp peer setup for fragment queue, else ignore processing the fragments. Call trace: ath11k_dp_process_rx_err+0x550/0x1084 [ath11k] ath11k_dp_service_srng+0x70/0x370 [ath11k] 0xffffffc009693a04 __napi_poll+0x30/0xa4 net_rx_action+0x118/0x270 __do_softirq+0x10c/0x244 irq_exit+0x64/0xb4 __handle_domain_irq+0x88/0xac gic_handle_irq+0x74/0xbc el1_irq+0xf0/0x1c0 arch_cpu_idle+0x10/0x18 do_idle+0x104/0x248 cpu_startup_entry+0x20/0x64 rest_init+0xd0/0xdc arch_call_rest_init+0xc/0x14 start_kernel+0x480/0x4b8 Code: f9400281 f94066a2 91405021 b94a0023 (f9406401) Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-06
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53822
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
qualcomm ath11k *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's ath11k WiFi driver. When multiple virtual access point interfaces are configured across all bands with automatic channel selection (ACS) and hostapd restarts every 60 seconds, a crash can happen randomly. The issue arises because a fragmented packet is received for a self peer whose fragment-related data structures (rx_tid and rx_frags) are not initialized. Processing these uninitialized fragments causes a crash due to a null pointer exception in the fragment handling function. The fix involves checking a setup flag (dp_setup_done) before processing fragments to ensure the peer's fragment queue is properly initialized, ignoring fragments otherwise.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash randomly under specific WiFi configurations involving multiple virtual access points and frequent hostapd restarts. Such crashes can lead to system instability, denial of service, and potential disruption of network connectivity on affected devices using the ath11k driver.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that your Linux kernel is updated with the patch that ignores fragments from uninitialized peers in the ath11k driver datapath. Specifically, update to a kernel version where the dp_setup_done flag check is implemented before processing received fragments to prevent crashes. Additionally, avoid frequent hostapd restarts every 60 seconds when max virtual AP interfaces are configured across all bands until the patch is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart