U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2023-52832 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 * 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dump_stack+0x74/0x92 ubsan_epilogue+0x9/0x50 handle_overflow+0x8d/0xd0 __ubsan_handle_mul_overflow+0xe/0x10 nl80211_send_iface+0x688/0x6b0 [cfg80211] [...] cfg80211_register_wdev+0x78/0xb0 [cfg80211] cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211] [...] ieee80211_if_add+0x60e/0x8f0 [mac80211] ieee80211_register_hw+0xda5/0x1170 [mac80211] In this case, simply return an error instead, to indicate that no data is available.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f
https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846
https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62
https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6
https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7
https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea
https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a
https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f
https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18

Weakness Enumeration

CWE-ID CWE Name Source
CWE-920 Improper Restriction of Power Consumption CISA-ADP  

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2023-52832
NVD Published Date:
05/21/2024
NVD Last Modified:
07/02/2024
Source:
kernel.org