CVE-2023-54286
Unknown Unknown - Not Provided
Buffer Overflow in Linux iwlwifi Driver Causes Kernel Crash

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the iwl_keyinfo.key field. Add a check to not copy more data to iwl_keyinfo.key then will fit. This fixes backtraces like this one: memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16) WARNING: CPU: 1 PID: 946 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x375/0x390 [iwldvm] <snip> Hardware name: Dell Inc. Latitude E6430/0H3MT5, BIOS A21 05/08/2017 RIP: 0010:iwlagn_send_sta_key+0x375/0x390 [iwldvm] <snip> Call Trace: <TASK> iwl_set_dynamic_key+0x1f0/0x220 [iwldvm] iwlagn_mac_set_key+0x1e4/0x280 [iwldvm] drv_set_key+0xa4/0x1b0 [mac80211] ieee80211_key_enable_hw_accel+0xa8/0x2d0 [mac80211] ieee80211_key_replace+0x22d/0x8e0 [mac80211] <snip>
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-05-07
AI Q&A
2025-12-30
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54286
EUVD
EUVD-2023-60518
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
intel iwlwifi *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a buffer overflow issue in the Linux kernel's iwlwifi driver. Specifically, when a TKIP key is received, it can be up to 32 bytes long because it may include MIC rx/tx keys. However, the iwlwifi driver copies this key into a field (iwl_keyinfo.key) that can only hold 16 bytes, causing an overflow. This overflow leads to a detected field-spanning write, which can cause system instability or crashes. The fix involves adding a check to ensure that no more data than the field can hold is copied.


How can this vulnerability impact me? :

This vulnerability can cause system instability or crashes due to buffer overflow in the wireless driver. It may lead to kernel warnings and backtraces, potentially affecting the reliability of wireless networking on affected devices. While no direct security impact like privilege escalation is mentioned, such memory corruption issues can sometimes be exploited or cause denial of service.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart