{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53717","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-22T13:21:37.347Z","datePublished":"2025-10-22T13:23:50.161Z","dateUpdated":"2026-05-11T19:50:29.770Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:50:29.770Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()\n\nFix a stack-out-of-bounds write that occurs in a WMI response callback\nfunction that is called after a timeout occurs in ath9k_wmi_cmd().\nThe callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that\ncould no longer be valid when a timeout occurs. Set wmi->last_seq_id to\n0 when a timeout occurred.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx\nWrite of size 4\nCall Trace:\n memcpy\n ath9k_wmi_ctrl_rx\n ath9k_htc_rx_msg\n ath9k_hif_usb_reg_in_cb\n __usb_hcd_giveback_urb\n usb_hcd_giveback_urb\n dummy_timer\n call_timer_fn\n run_timer_softirq\n __do_softirq\n irq_exit_rcu\n sysvec_apic_timer_interrupt"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/ath/ath9k/wmi.c"],"versions":[{"version":"fb9987d0f748c983bb795a86f47522313f701a08","lessThan":"89a33c3c847b19b19205cde1d924df2a6c70d8eb","status":"affected","versionType":"git"},{"version":"fb9987d0f748c983bb795a86f47522313f701a08","lessThan":"ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc","status":"affected","versionType":"git"},{"version":"fb9987d0f748c983bb795a86f47522313f701a08","lessThan":"bf6dc175a2b53098a69db1236d9d53982f4b1bc0","status":"affected","versionType":"git"},{"version":"fb9987d0f748c983bb795a86f47522313f701a08","lessThan":"78b56b0a613a87b61290b95be497fdfe2fe58aa6","status":"affected","versionType":"git"},{"version":"fb9987d0f748c983bb795a86f47522313f701a08","lessThan":"1af7eacfad45149c54893a8a9df9e92ef89f0a90","status":"affected","versionType":"git"},{"version":"fb9987d0f748c983bb795a86f47522313f701a08","lessThan":"8f28513d9520184059530c01a9f928a1b3809d3f","status":"affected","versionType":"git"},{"version":"fb9987d0f748c983bb795a86f47522313f701a08","lessThan":"554048a72d7ecfdd58cc1bfb56e0a1864e64e82c","status":"affected","versionType":"git"},{"version":"fb9987d0f748c983bb795a86f47522313f701a08","lessThan":"8a2f35b9830692f7a616f2f627f943bc748af13a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/ath/ath9k/wmi.c"],"versions":[{"version":"2.6.35","status":"affected"},{"version":"0","lessThan":"2.6.35","status":"unaffected","versionType":"semver"},{"version":"4.14.308","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.276","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.235","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.173","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.99","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.16","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.3","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"4.14.308"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"4.19.276"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"5.4.235"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"5.10.173"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"5.15.99"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"6.1.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"6.2.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/89a33c3c847b19b19205cde1d924df2a6c70d8eb"},{"url":"https://git.kernel.org/stable/c/ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc"},{"url":"https://git.kernel.org/stable/c/bf6dc175a2b53098a69db1236d9d53982f4b1bc0"},{"url":"https://git.kernel.org/stable/c/78b56b0a613a87b61290b95be497fdfe2fe58aa6"},{"url":"https://git.kernel.org/stable/c/1af7eacfad45149c54893a8a9df9e92ef89f0a90"},{"url":"https://git.kernel.org/stable/c/8f28513d9520184059530c01a9f928a1b3809d3f"},{"url":"https://git.kernel.org/stable/c/554048a72d7ecfdd58cc1bfb56e0a1864e64e82c"},{"url":"https://git.kernel.org/stable/c/8a2f35b9830692f7a616f2f627f943bc748af13a"}],"title":"wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()","x_generator":{"engine":"bippy-1.2.0"}}}}