CVE-2023-53570

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()<br /> <br /> nl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the<br /> number of MBSSID elements in the nested netlink attribute attrs, which can<br /> lead to an integer overflow if a user of the nl80211 interface specifies<br /> 256 or more elements in the corresponding attribute in userspace. The<br /> integer overflow can lead to a heap buffer overflow as num_elems determines<br /> the size of the trailing array in elems, and this array is thereafter<br /> written to for each element in attrs.<br /> <br /> Note that this vulnerability only affects devices with the<br /> wiphy-&gt;mbssid_max_interfaces member set for the wireless physical device<br /> struct in the device driver, and can only be triggered by a process with<br /> CAP_NET_ADMIN capabilities.<br /> <br /> Fix this by checking for a maximum of 255 elements in attrs.