SB20251230269 - Input validation error in Linux kernel ath ath9k driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2023-54300)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath9k_wmi_ctrl_rx() function in drivers/net/wireless/ath/ath9k/wmi.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0bc12e41af4e3ae1f0efecc377f0514459df0707
• https://git.kernel.org/stable/c/250efb4d3f5b32a115ea6bf25437ba44a1b3c04f
• https://git.kernel.org/stable/c/28259ce4f1f1f9ab37fa817756c89098213d2fc0
• https://git.kernel.org/stable/c/75acec91aeaa07375cd5f418069e61b16d39bbad
• https://git.kernel.org/stable/c/8ed572e52714593b209e3aa352406aff84481179
• https://git.kernel.org/stable/c/90e3c10177573b8662ac9858abd9bf731d5d98e0
• https://git.kernel.org/stable/c/ad5425e70789c29b93acafb5bb4629e4eb908296
• https://git.kernel.org/stable/c/d1c2ff2bd84c3692c9df267a2b991ce92bfca8ef
• https://git.kernel.org/stable/c/f24292e827088bba8de7158501ac25a59b064953
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.322
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.291
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.188
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.121
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.251
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.39
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.4
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5