VYPR
← All advisories
High severity7.8NVD Advisory· Published Oct 1, 2025· Updated Apr 6, 2026

CVE-2023-53524

CVE-2023-53524

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf

An integer overflow occurs in the iwl_write_to_user_buf() function, which is called by the iwl_dbgfs_monitor_data_read() function.

static bool iwl_write_to_user_buf(char __user *user_buf, ssize_t count, void *buf, ssize_t *size, ssize_t *bytes_copied) { int buf_size_left = count - *bytes_copied;

buf_size_left = buf_size_left - (buf_size_left % sizeof(u32)); if (*size > buf_size_left) *size = buf_size_left;

If the user passes a SIZE_MAX value to the "ssize_t count" parameter, the ssize_t count parameter is assigned to "int buf_size_left". Then compare "*size" with "buf_size_left" . Here, "buf_size_left" is a negative number, so "*size" is assigned "buf_size_left" and goes into the third argument of the copy_to_user function, causing a heap overflow.

This is not a security vulnerability because iwl_dbgfs_monitor_data_read() is a debugfs operation with 0400 privileges.

Affected products

1
  • Linux/Kernel
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=5.0,<5.4.244

Patches

6
0ad8dd870aa1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
059e426d666a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
82f877ec9b04
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
eb1ef44efac7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
de7845697602
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
58d1b717879b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

News mentions

0

No linked articles in our index yet.