CVE-2023-53992

Vulnerability

In the Linux kernel's cfg80211 subsystem, the OCB (Outside the Context of a BSS) mode handling contains a logic flaw. When there is no OCB state established, the code still requests the driver or mac80211 to leave the OCB network. This is unnecessary and can lead to confusion in the driver or mac80211 state machine [1].

Exploitation

An attacker would need to trigger the OCB leave operation when no OCB join has been joined state exists. This could be achieved by sending crafted netlink commands or through local access to the wireless configuration interface. No authentication is required beyond the ability to interact with the cfg80211 interface [2].

Impact

The primary impact is a potential denial of service or unexpected behavior in the wireless subsystem. The driver may receive an invalid leave command, potentially causing it to enter an inconsistent state or crash. This could disrupt wireless connectivity for the system operations [1].

Mitigation

The fix is included in Linux kernel stable updates. The patch adds a check for OCB state before issuing the leave command, ensuring the driver is only asked to leave when actually joined. Users should update to a kernel version containing this commit [1][2].