CVE & CISA-KEV Catalog

CVE-2023-52611

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetooth combo card. The error he observed is identical to what has been fixed in commit e967229ead0e ("wifi: rtw88: sdio: Check the HISR RX_REQUEST bit in rtw_sdio_rx_isr()") but that commit didn't fix Lukas' problem. Lukas found that disabling or limiting RX aggregation works around the problem for some time (but does not fully fix it). In the following discussion a few key topics have been discussed which have an impact on this problem: - The Amlogic A311D (G12B) SoC has a hardware bug in the SDIO controller which prevents DMA transfers. Instead all transfers need to go through the controller SRAM which limits transfers to 1536 bytes - rtw88 chips don't split incoming (RX) packets, so if a big packet is received this is forwarded to the host in it's original form - rtw88 chips can do RX aggregation, meaning more multiple incoming packets can be pulled by the host from the card with one MMC/SDIO transfer. This Depends on settings in the REG_RXDMA_AGG_PG_TH register (BIT_RXDMA_AGG_PG_TH limits the number of packets that will be aggregated, BIT_DMA_AGG_TO_V1 configures a timeout for aggregation and BIT_EN_PRE_CALC makes the chip honor the limits more effectively) Use multiple consecutive reads in rtw_sdio_read_port() and limit the number of bytes which are copied by the host from the card in one MMC/SDIO transfer. This allows receiving a buffer that's larger than the hosts max_req_size (number of bytes which can be transferred in one MMC/SDIO transfer). As a result of this the skb_over_panic error is gone as the rtw88 driver is now able to receive more than 1536 bytes from the card (either because the incoming packet is larger than that or because multiple packets have been aggregated). In case of an receive errors (-EILSEQ has been observed by Lukas) we need to drain the remaining data from the card's buffer, otherwise the card will return corrupt data for the next rtw_sdio_read_port() call.

How to fix

Remediation Available
linuxDebian
Fixed in:6.6.15-1CVE-2023-52611
Fixed in:6.6.15-1CVE-2023-52611
linuxUbuntu
Fixed in:6.5.0-41.41USN-6818-1
linux-awsUbuntu
Fixed in:6.5.0-1021.21USN-6819-2
linux-azureUbuntu
Fixed in:6.5.0-1022.23USN-6819-1
linux-azure-6.5Ubuntu
Fixed in:6.5.0-1022.23~22.04.1USN-6819-1
linux-gcpUbuntu
Fixed in:6.5.0-1022.24USN-6818-1
linux-gcp-6.5Ubuntu
Fixed in:6.5.0-1022.24~22.04.1USN-6818-1
linux-hwe-6.5Ubuntu
Fixed in:6.5.0-41.41~22.04.2USN-6818-4
linux-image-6.5.0-1015-starfiveUbuntu
Fixed in:6.5.0-1015.16~22.04.1USN-6819-1
Fixed in:6.5.0-1015.16USN-6819-1
linux-image-6.5.0-1017-laptopUbuntu
Fixed in:6.5.0-1017.20USN-6818-2
linux-image-6.5.0-1018-raspiUbuntu
Fixed in:6.5.0-1018.21USN-6818-1
linux-image-6.5.0-1021-awsUbuntu
Fixed in:6.5.0-1021.21USN-6819-2
linux-image-6.5.0-1021-nvidiaUbuntu
Fixed in:6.5.0-1021.22USN-6818-3
linux-image-6.5.0-1021-nvidia-64kUbuntu
Fixed in:6.5.0-1021.22USN-6818-3
linux-image-6.5.0-1022-azureUbuntu
Fixed in:6.5.0-1022.23~22.04.1USN-6819-1
Fixed in:6.5.0-1022.23USN-6819-1
linux-image-6.5.0-1022-azure-fdeUbuntu
Fixed in:6.5.0-1022.23~22.04.1USN-6819-1
Fixed in:6.5.0-1022.23USN-6819-1
linux-image-6.5.0-1022-gcpUbuntu
Fixed in:6.5.0-1022.24~22.04.1USN-6818-1
Fixed in:6.5.0-1022.24USN-6818-1
linux-image-6.5.0-1024-oemUbuntu
Fixed in:6.5.0-1024.25USN-6819-3
linux-image-6.5.0-1024-oracleUbuntu
Fixed in:6.5.0-1024.24~22.04.1USN-6819-4
Fixed in:6.5.0-1024.24USN-6819-2
linux-image-6.5.0-1024-oracle-64kUbuntu
Fixed in:6.5.0-1024.24~22.04.1USN-6819-4
Fixed in:6.5.0-1024.24USN-6819-2
linux-image-6.5.0-41-genericUbuntu
Fixed in:6.5.0-41.41~22.04.2USN-6818-4
Fixed in:6.5.0-41.41USN-6818-1
linux-image-6.5.0-41-generic-64kUbuntu
Fixed in:6.5.0-41.41~22.04.2USN-6818-4
Fixed in:6.5.0-41.41USN-6818-1
linux-image-6.5.0-41-lowlatencyUbuntu
Fixed in:6.5.0-41.41.1~22.04.1USN-6818-1
Fixed in:6.5.0-41.41.1USN-6818-1
linux-image-6.5.0-41-lowlatency-64kUbuntu
Fixed in:6.5.0-41.41.1~22.04.1USN-6818-1
Fixed in:6.5.0-41.41.1USN-6818-1
linux-image-awsUbuntu
Fixed in:6.5.0.1021.21USN-6819-2
linux-image-azureUbuntu
Fixed in:6.5.0.1022.23~22.04.1USN-6819-1
Fixed in:6.5.0.1022.26USN-6819-1
linux-image-azure-fdeUbuntu
Fixed in:6.5.0.1022.23~22.04.1USN-6819-1
Fixed in:6.5.0.1022.26USN-6819-1
linux-image-gcpUbuntu
Fixed in:6.5.0.1022.24~22.04.1USN-6818-1
Fixed in:6.5.0.1022.24USN-6818-1
linux-image-genericUbuntu
Fixed in:6.5.0.41.41USN-6818-1
linux-image-generic-64kUbuntu
Fixed in:6.5.0.41.41USN-6818-1
linux-image-generic-64k-hwe-22.04Ubuntu
Fixed in:6.5.0.41.41~22.04.2USN-6818-4
linux-image-generic-hwe-22.04Ubuntu
Fixed in:6.5.0.41.41~22.04.2USN-6818-4
linux-image-generic-lpaeUbuntu
Fixed in:6.5.0.41.41USN-6818-1
linux-image-kvmUbuntu
Fixed in:6.5.0.41.41USN-6818-1
linux-image-laptop-23.10Ubuntu
Fixed in:6.5.0.1017.20USN-6818-2
linux-image-lowlatencyUbuntu
Fixed in:6.5.0.41.41.1USN-6818-1
linux-image-lowlatency-64kUbuntu
Fixed in:6.5.0.41.41.1USN-6818-1
linux-image-lowlatency-64k-hwe-22.04Ubuntu
Fixed in:6.5.0.41.41.1~22.04.1USN-6818-1
linux-image-lowlatency-hwe-22.04Ubuntu
Fixed in:6.5.0.41.41.1~22.04.1USN-6818-1
linux-image-nvidia-6.5Ubuntu
Fixed in:6.5.0.1021.29USN-6818-3
linux-image-nvidia-64k-6.5Ubuntu
Fixed in:6.5.0.1021.29USN-6818-3
linux-image-nvidia-64k-hwe-22.04Ubuntu
Fixed in:6.5.0.1021.29USN-6818-3
linux-image-nvidia-hwe-22.04Ubuntu
Fixed in:6.5.0.1021.29USN-6818-3
linux-image-oem-22.04Ubuntu
Fixed in:6.5.0.1024.26USN-6819-3
linux-image-oem-22.04aUbuntu
Fixed in:6.5.0.1024.26USN-6819-3
linux-image-oem-22.04bUbuntu
Fixed in:6.5.0.1024.26USN-6819-3
linux-image-oem-22.04cUbuntu
Fixed in:6.5.0.1024.26USN-6819-3
linux-image-oem-22.04dUbuntu
Fixed in:6.5.0.1024.26USN-6819-3
linux-image-oracleUbuntu
Fixed in:6.5.0.1024.24~22.04.1USN-6819-4
Fixed in:6.5.0.1024.26USN-6819-2
linux-image-oracle-64kUbuntu
Fixed in:6.5.0.1024.24~22.04.1USN-6819-4
Fixed in:6.5.0.1024.26USN-6819-2
linux-image-raspiUbuntu
Fixed in:6.5.0.1018.19USN-6818-1
linux-image-raspi-nolpaeUbuntu
Fixed in:6.5.0.1018.19USN-6818-1
linux-image-starfiveUbuntu
Fixed in:6.5.0.1015.16~22.04.1USN-6819-1
Fixed in:6.5.0.1015.17USN-6819-1
linux-image-virtualUbuntu
Fixed in:6.5.0.41.41USN-6818-1
linux-image-virtual-hwe-22.04Ubuntu
Fixed in:6.5.0.41.41~22.04.2USN-6818-4
linux-laptopUbuntu
Fixed in:6.5.0-1017.20USN-6818-2
linux-lowlatencyUbuntu
Fixed in:6.5.0-41.41.1USN-6818-1
linux-lowlatency-hwe-6.5Ubuntu
Fixed in:6.5.0-41.41.1~22.04.1USN-6818-1
linux-nvidia-6.5Ubuntu
Fixed in:6.5.0-1021.22USN-6818-3
linux-oem-6.5Ubuntu
Fixed in:6.5.0-1024.25USN-6819-3
linux-oracleUbuntu
Fixed in:6.5.0-1024.24USN-6819-2
linux-oracle-6.5Ubuntu
Fixed in:6.5.0-1024.24~22.04.1USN-6819-4
linux-raspiUbuntu
Fixed in:6.5.0-1018.21USN-6818-1
linux-starfiveUbuntu
Fixed in:6.5.0-1015.16USN-6819-1
linux-starfive-6.5Ubuntu
Fixed in:6.5.0-1015.16~22.04.1USN-6819-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.22%probability of exploitation in 30 days
13thpercentile

Low risk: more likely to be exploited than 13% of all known CVEs.

References

Embed a live status badge for CVE-2023-52611
CVE-2023-52611 severity badge

Markdown

[![CVE-2023-52611](https://tridentstack.com/cve/badge/CVE-2023-52611.svg)](https://tridentstack.com/cve/CVE-2023-52611)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-52611"><img src="https://tridentstack.com/cve/badge/CVE-2023-52611.svg" alt="CVE-2023-52611"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-03-10.