Home/CVE/In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee802
CVE

CVE-2023-52832

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee802

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 * 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dump_stack+0x74/0x92 ubsan_epilogue+0x9/0x50 handle_overflow+0x8d/0xd0 __ubsan_handle_mul_overflow+0xe/0x10 nl80211_send_iface+0x688/0x6b0 [cfg80211] [...] cfg80211_register_wdev+0x78/0xb0 [cfg80211] cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211] [...] ieee80211_if_add+0x60e/0x8f0 [mac80211] ieee80211_register_hw+0xda5/0x1170 [mac80211] In this case, simply return an error instead, to indicate that no data is available.

CRITICAL · CVSS 9.1 EPSS 0.00065
Schedule remediation
  • SSVC automatable: yes - attacks can be scripted at scale
  • CVSS base score ≥ 7.0
Sigma rules0 YARA rules0

Weakness Classification

CWE-920Improper Restriction of Power Consumption

Affected Products & Versions

8
linux kernel< 4.14.331
linux kernel>= 4.15 and < 4.19.300
linux kernel>= 4.20 and < 5.4.262
linux kernel>= 5.5 and < 5.10.202
linux kernel>= 5.11 and < 5.15.140
linux kernel>= 5.16 and < 6.1.64
linux kernel>= 6.2 and < 6.5.13
linux kernel>= 6.6 and < 6.6.3

Scoring & Timeline

9.1
CRITICAL · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
View on NVD
Attack Vector
Network Adjacent Local Physical
Attack Complexity
Low High
Privileges Required
None Low High
User Interaction
None Required
Scope
Unchanged Changed
Confidentiality
None Low High
Integrity
None Low High
Availability
None Low High
Published to NVD21 May 2024 · 04:15 PM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
SSVC triage · cisa-vulnrichment
Exploitation
none
Automatable
yes
Technical impact
partial
SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

Vendor Advisories

18
rhsaRHSA-2024:2394Low
rhsaRHSA-2024:5101Low
siemens-csafSSA-613116
suse-csafSUSE-SU-2025:20008-1
suse-csafSUSE-SU-2025:20028-1
🔗

References & Sources

9
Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.
https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846Patch
https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6Patch
https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7Patch
https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620eaPatch
https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775aPatch
https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937fPatch
Intelligence Graph · click any node to traverse
CVETechnique ActorTool Family
drag to reposition · click any node to traverse · button top-right enlarges
External lookups - second-class, for what we don’t hold ourselves
NVDCVE.orgCISAVulnersExploit-DBGitHub PoCVulnCheck KEVGreyNoise
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin