CVE-2023-53199
15.09.2025, 15:15
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails Syzkaller detected a memory leak of skbs in ath9k_hif_usb_rx_stream(). While processing skbs in ath9k_hif_usb_rx_stream(), the already allocated skbs in skb_pool are not freed if ath9k_hif_usb_rx_stream() fails. If we have an incorrect pkt_len or pkt_tag, the input skb is considered invalid and dropped. All the associated packets already in skb_pool should be dropped and freed. Added a comment describing this issue. The patch also makes remain_skb NULL after being processed so that it cannot be referenced after potential free. The initialization of hif_dev fields which are associated with remain_skb (rx_remain_len, rx_transfer_len and rx_pad_len) is moved after a new remain_skb is allocated. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.Enginsight
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.38 ≤ 𝑥 < 4.19.276 |
| linux | linux_kernel | 4.20 ≤ 𝑥 < 5.4.235 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.173 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.99 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.16 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.2.3 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
References