CVE-2023-53802
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function

It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its management to another callback function. However, the skb is not freed in case there is no other callback function, and Syzkaller was able to cause a memory leak.

Also minor comment fix.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
INFO
Published Date: Dec. 9, 2025, 1:16 a.m.
Last Modified: Dec. 9, 2025, 6:37 p.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Ensure skb is freed if no callback is available.
- Apply the latest Linux kernel updates.
- Test the fix thoroughly in affected systems.
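The ownership rule from the description and the first Solution item, as an added user-space C model (not the kernel's ath9k code and not taken from this page): `struct buf`, the fixed pool, `rx_msg_leaky`, `rx_msg_fixed` and `leaked_after` are hypothetical stand-ins for the skb and the receive path. It shows that every message for an endpoint without a receive callback leaves one buffer held, until the pool is drained.

```c
#include <stdio.h>
#include <string.h>

/* User-space model only: struct buf stands in for an skb, drawn from a fixed pool. */
#define POOL 256
#define NUM_EP 4
struct buf { int used; int epid; };
static struct buf pool[POOL];

static struct buf *buf_alloc(int epid) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].used) { pool[i].used = 1; pool[i].epid = epid; return &pool[i]; }
    return NULL;  /* pool exhausted */
}
static void buf_free(struct buf *b) { b->used = 0; }

/* A receive callback takes ownership of the buffer and must release it. */
typedef void (*rx_cb)(struct buf *b);
static void rx_consume(struct buf *b) { buf_free(b); }
static rx_cb ep_rx[NUM_EP] = { [1] = rx_consume };  /* only endpoint 1 registered */

/* Pre-fix shape: with no callback registered, b is neither passed on nor freed. */
static void rx_msg_leaky(struct buf *b) {
    if (b->epid < 0 || b->epid >= NUM_EP) { buf_free(b); return; }
    if (ep_rx[b->epid]) ep_rx[b->epid](b);
}

/* Fixed shape: every path either hands b to a callback or frees it. */
static void rx_msg_fixed(struct buf *b) {
    if (b->epid >= 0 && b->epid < NUM_EP && ep_rx[b->epid]) ep_rx[b->epid](b);
    else buf_free(b);
}

/* Reset the pool, feed n messages for epid, return buffers still held afterwards. */
static int leaked_after(void (*rx_msg)(struct buf *), int epid, int n) {
    int held = 0;
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < n; i++) {
        struct buf *b = buf_alloc(epid);
        if (!b) break;  /* earlier leaks have drained the pool */
        rx_msg(b);
    }
    for (int i = 0; i < POOL; i++) held += pool[i].used;
    return held;
}

int main(void) {
    printf("leaky, no callback: %d\n", leaked_after(rx_msg_leaky, 2, 100));
    printf("fixed, no callback: %d\n", leaked_after(rx_msg_fixed, 2, 100));
    return 0;
}
```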
The following table lists the changes that have been made to the
CVE-2023-53802 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Dec. 09, 2025)

| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Description | | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its management to another callback function. However, the skb is not freed in case there is no other callback function, and Syzkaller was able to cause a memory leak. Also minor comment fix. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. |
| Added | Reference | | https://git.kernel.org/stable/c/564bc2222bf50eb6cdee715a5431bf4dc9f923c1 |
| Added | Reference | | https://git.kernel.org/stable/c/5a84e51f72580fc70066b03f3dac38421e702a0b |
| Added | Reference | | https://git.kernel.org/stable/c/68171c006c8645a3e0293a6c3e6037c6538ac1c5 |
| Added | Reference | | https://git.kernel.org/stable/c/9b25e3985477ac3f02eca5fc1e0cc6850a3f7e69 |
| Added | Reference | | https://git.kernel.org/stable/c/b11f95f65cc52ee3a756e6f6a88df37a203e25bd |
| Added | Reference | | https://git.kernel.org/stable/c/bbfababb4f899fe1556eac195f9774b6fe675fb6 |
| Added | Reference | | https://git.kernel.org/stable/c/c0c0614f143b568cd0e9525d53cf12e5dcd11987 |
| Added | Reference | | https://git.kernel.org/stable/c/ec246dfe006b2a8f36353f7489e4f525114db9a5 |