{"id":"CVE-2023-53822","summary":"wifi: ath11k: Ignore frags from uninitialized peer in dp.","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Ignore frags from uninitialized peer in dp.\n\nWhen max virtual ap interfaces are configured in all the bands with\nACS and hostapd restart is done every 60s, a crash is observed at\nrandom times.\nIn this certain scenario, a fragmented packet is received for\nself peer, for which rx_tid and rx_frags are not initialized in\ndatapath. While handling this fragment, crash is observed as the\nrx_frag list is uninitialised and when we walk in\nath11k_dp_rx_h_sort_frags, skb null leads to exception.\n\nTo address this, before processing received fragments we check\ndp_setup_done flag is set to ensure that peer has completed its\ndp peer setup for fragment queue, else ignore processing the\nfragments.\n\nCall trace:\n  ath11k_dp_process_rx_err+0x550/0x1084 [ath11k]\n  ath11k_dp_service_srng+0x70/0x370 [ath11k]\n  0xffffffc009693a04\n  __napi_poll+0x30/0xa4\n  net_rx_action+0x118/0x270\n  __do_softirq+0x10c/0x244\n  irq_exit+0x64/0xb4\n  __handle_domain_irq+0x88/0xac\n  gic_handle_irq+0x74/0xbc\n  el1_irq+0xf0/0x1c0\n  arch_cpu_idle+0x10/0x18\n  do_idle+0x104/0x248\n  cpu_startup_entry+0x20/0x64\n  rest_init+0xd0/0xdc\n  arch_call_rest_init+0xc/0x14\n  start_kernel+0x480/0x4b8\n  Code: f9400281 f94066a2 91405021 b94a0023 (f9406401)\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1","modified":"2025-12-20T20:38:12.243812Z","published":"2025-12-09T01:29:35.206Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53822.json"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/41efc47f5bc53e63461579e206adc17c4452ab6e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a06bfb3c9f69f303692cdae87bc0899d2ae8b2a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e78526a06b53718bfc1dfff37864c7760e41f8ec"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53822.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53822"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d5c65159f2895379e11ca13f62feabe93278985d"},{"fixed":"e78526a06b53718bfc1dfff37864c7760e41f8ec"},{"fixed":"41efc47f5bc53e63461579e206adc17c4452ab6e"},{"fixed":"a06bfb3c9f69f303692cdae87bc0899d2ae8b2a6"}]}],"versions":["v5.10","v5.10-rc1","v5.10-rc2","v5.10-rc3","v5.10-rc4","v5.10-rc5","v5.10-rc6","v5.10-rc7","v5.11","v5.11-rc1","v5.11-rc2","v5.11-rc3","v5.11-rc4","v5.11-rc5","v5.11-rc6","v5.11-rc7","v5.12","v5.12-rc1","v5.12-rc1-dontuse","v5.12-rc2","v5.12-rc3","v5.12-rc4","v5.12-rc5","v5.12-rc6","v5.12-rc7","v5.12-rc8","v5.13","v5.13-rc1","v5.13-rc2","v5.13-rc3","v5.13-rc4","v5.13-rc5","v5.13-rc6","v5.13-rc7","v5.14","v5.14-rc1","v5.14-rc2","v5.14-rc3","v5.14-rc4","v5.14-rc5","v5.14-rc6","v5.14-rc7","v5.15","v5.15-rc1","v5.15-rc2","v5.15-rc3","v5.15-rc4","v5.15-rc5","v5.15-rc6","v5.15-rc7","v5.16","v5.16-rc1","v5.16-rc2","v5.16-rc3","v5.16-rc4","v5.16-rc5","v5.16-rc6","v5.16-rc7","v5.16-rc8","v5.17","v5.17-rc1","v5.17-rc2","v5.17-rc3","v5.17-rc4","v5.17-rc5","v5.17-rc6","v5.17-rc7","v5.17-rc8","v5.18","v5.18-rc1","v5.18-rc2","v5.18-rc3","v5.18-rc4","v5.18-rc5","v5.18-rc6","v5.18-rc7","v5.19","v5.19-rc1","v5.19-rc2","v5.19-rc3","v5.19-rc4","v5.19-rc5","v5.19-rc6","v5.19-rc7","v5.19-rc8","v5.4","v5.4-rc6","v5.4-rc7","v5.4-rc8","v5.5","v5.5-rc1","v5.5-rc2","v5.5-rc3","v5.5-rc4","v5.5-rc5","v5.5-rc6","v5.5-rc7","v5.6","v5.6-rc1","v5.6-rc2","v5.6-rc3","v5.6-rc4","v5.6-rc5","v5.6-rc6","v5.6-rc7","v5.7","v5.7-rc1","v5.7-rc2","v5.7-rc3","v5.7-rc4","v5.7-rc5","v5.7-rc6","v5.7-rc7","v5.8","v5.8-rc1","v5.8-rc2","v5.8-rc3","v5.8-rc4","v5.8-rc5","v5.8-rc6","v5.8-rc7","v5.9","v5.9-rc1","v5.9-rc2","v5.9-rc3","v5.9-rc4","v5.9-rc5","v5.9-rc6","v5.9-rc7","v5.9-rc8","v6.0","v6.0-rc1","v6.0-rc2","v6.0-rc3","v6.0-rc4","v6.0-rc5","v6.0-rc6","v6.0-rc7","v6.1","v6.1-rc1","v6.1-rc2","v6.1-rc3","v6.1-rc4","v6.1-rc5","v6.1-rc6","v6.1-rc7","v6.1-rc8","v6.1.1","v6.1.10","v6.1.11","v6.1.12","v6.1.13","v6.1.14","v6.1.15","v6.1.16","v6.1.17","v6.1.18","v6.1.19","v6.1.2","v6.1.20","v6.1.21","v6.1.22","v6.1.23","v6.1.24","v6.1.25","v6.1.26","v6.1.27","v6.1.28","v6.1.29","v6.1.3","v6.1.4","v6.1.5","v6.1.6","v6.1.7","v6.1.8","v6.1.9","v6.2","v6.2-rc1","v6.2-rc2","v6.2-rc3","v6.2-rc4","v6.2-rc5","v6.2-rc6","v6.2-rc7","v6.2-rc8","v6.3","v6.3-rc1","v6.3-rc2","v6.3-rc3","v6.3-rc4","v6.3-rc5","v6.3-rc6","v6.3-rc7","v6.3.1","v6.3.2","v6.3.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53822.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.6.0"},{"fixed":"6.1.30"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.3.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53822.json"}}],"schema_version":"1.7.3"}