{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T07:55:00.428","vulnerabilities":[{"cve":{"id":"CVE-2023-54300","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-30T13:16:19.120","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx\n\nFor the reasons also described in commit b383e8abed41 (\"wifi: ath9k: avoid\nuninit memory read in ath9k_htc_rx_msg()\"), ath9k_htc_rx_msg() should\nvalidate pkt_len before accessing the SKB.\n\nFor example, the obtained SKB may have been badly constructed with\npkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr\nbut after being processed in ath9k_htc_rx_msg() and passed to\nath9k_wmi_ctrl_rx() endpoint RX handler, it is expected to have a WMI\ncommand header which should be located inside its data payload.\n\nImplement sanity checking inside ath9k_wmi_ctrl_rx(). Otherwise, uninit\nmemory can be referenced.\n\nTested on Qualcomm Atheros Communications AR9271 802.11n .\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nwifi: ath9k: evitar referenciar memoria no inicializada en ath9k_wmi_ctrl_rx\n\nPor las razones también descritas en el commit b383e8abed41 ('wifi: ath9k: evitar lectura de memoria no inicializada en ath9k_htc_rx_msg()'), ath9k_htc_rx_msg() debería validar pkt_len antes de acceder al SKB.\n\nPor ejemplo, el SKB obtenido puede haber sido mal construido con pkt_len = 8. En este caso, el SKB solo puede contener un htc_frame_hdr válido, pero después de ser procesado en ath9k_htc_rx_msg() y pasado al manejador RX del endpoint ath9k_wmi_ctrl_rx(), se espera que tenga una cabecera de comando WMI que debería estar ubicada dentro de su carga útil de datos.\n\nImplementar comprobación de cordura dentro de ath9k_wmi_ctrl_rx(). De lo contrario, se puede referenciar memoria no inicializada.\n\nProbado en Qualcomm Atheros Communications AR9271 802.11n.\n\nEncontrado por Linux Verification Center (linuxtesting.org) con Syzkaller."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0bc12e41af4e3ae1f0efecc377f0514459df0707","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/250efb4d3f5b32a115ea6bf25437ba44a1b3c04f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/28259ce4f1f1f9ab37fa817756c89098213d2fc0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/75acec91aeaa07375cd5f418069e61b16d39bbad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8ed572e52714593b209e3aa352406aff84481179","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/90e3c10177573b8662ac9858abd9bf731d5d98e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ad5425e70789c29b93acafb5bb4629e4eb908296","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d1c2ff2bd84c3692c9df267a2b991ce92bfca8ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f24292e827088bba8de7158501ac25a59b064953","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}