CVE-2023-52530

7.8 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's WiFi subsystem (mac80211) could allow use-after-free of cryptographic keys when handling GTK rekey operations. Attackers could potentially exploit this to cause kernel crashes or execute arbitrary code. Systems using affected Linux kernel versions with WiFi enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not explicitly stated in CVE description; check git commits for exact ranges.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires WiFi enabled and specific conditions: WoWLAN rekey offload usage (primarily in iwlwifi drivers) with KRACK protection triggering identical key reinstall scenarios.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash or potential arbitrary code execution with kernel privileges, resulting in complete system compromise.

🟠 Likely Case: System instability, kernel crashes, or denial of service affecting WiFi connectivity.

🟢 If Mitigated: Minimal impact if WiFi is disabled or if systems are not using WoWLAN rekey offload features.

🌐 Internet-Facing: LOW - Requires local network access and specific WiFi configuration conditions.
🏢 Internal Only: MEDIUM - Internal attackers on the same network could potentially exploit this if WiFi is enabled and vulnerable configurations exist.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific WiFi driver configurations and timing conditions. The vulnerability was discovered through code review and patched proactively.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific kernel versions containing commits: 2408f491ff998d674707725eadc47d8930aced09, 2f4e16e39e4f5e78248dd9e51276a83203950b36, 31db78a4923ef5e2008f2eed321811ca79e7f71b, 65c72a7201704574dace708cbc96a8f367b1491d, e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0

Vendor Advisory: https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable WiFi

linux

Disable WiFi interfaces to prevent exploitation of this vulnerability.

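# nmcli talks to NetworkManager, so switch the radio off before stopping the service
sudo nmcli radio wifi off
# replace wlan0 with the actual wireless interface name
sudo ip link set wlan0 down
sudo systemctl stop NetworkManager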

Disable WoWLAN features

linux

Disable Wake-on-Wireless-LAN features if not needed.

Check iwlwifi module parameters: sudo modinfo iwlwifi
Add iwlwifi options to modprobe config

🧯 If You Can't Patch

  • Disable WiFi interfaces completely on affected systems
  • Implement network segmentation to isolate WiFi networks from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether a WiFi interface is present (names may be wlan0 or wlp-style): uname -r && ip link show | grep -E '^[0-9]+: wl'

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel source contains the fix commits (run inside a git checkout of the kernel tree the running kernel was built from): git log --oneline | grep -E '2408f491|2f4e16e3|31db78a4|65c72a72|e8a834eb'

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • WiFi driver crash messages in dmesg
  • Network interface errors

Network Indicators:

  • Unexpected WiFi disconnections
  • Abnormal GTK rekey patterns

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "mac80211" OR "iwlwifi")
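
Added example, not part of the original advisory: the string match above also hits every oops on a WiFi machine, because the "Modules linked in:" line names mac80211 and iwlwifi regardless of where the fault happened. The function below groups kernel log lines into crash reports and tags a report as WiFi-related only when a bracketed module tag appears on the RIP or call-trace frames. The module list, function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify kernel oops reports by
# whether a WiFi-stack module owns one of the faulting frames.

# Reads kernel log text on stdin (e.g. `dmesg` or `journalctl -k` output) and
# prints "wifi<TAB>header" or "other<TAB>header" for each crash report.
wifi_crash_triage() {
    awk '
    # First line of a crash report; later header-like lines in the same
    # report (e.g. "Oops:") are ignored until the report is closed.
    /BUG: (unable to handle|kernel NULL pointer)|general protection fault|Oops:/ {
        if (!in_report) { header = $0; wifi = 0; in_report = 1 }
    }
    # RIP and call-trace frames carry the owning module in brackets; the
    # "Modules linked in:" line has no brackets and never matches here.
    in_report && /\[(mac80211|cfg80211|iwlwifi|iwlmvm)\]/ { wifi = 1 }
    in_report && /---\[ end trace/ { emit() }
    END { if (in_report) emit() }
    function emit() {
        tag = wifi ? "wifi" : "other"
        print tag "\t" header
        in_report = 0
    }'
}

# Constructed sample: one oops inside mac80211, one in an unrelated
# (hypothetical) module, and one ordinary driver message.
sample_log() {
    cat <<'EOF'
[  100.000001] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP
[  100.000002] Modules linked in: iwlmvm mac80211 cfg80211
[  100.000003] RIP: 0010:ieee80211_key_link+0x1a0/0x400 [mac80211]
[  100.000004] Call Trace:
[  100.000005]  ieee80211_gtk_rekey_add+0x90/0x120 [mac80211]
[  100.000006] ---[ end trace 0000000000000000 ]---
[  200.000001] BUG: unable to handle page fault for address: ffffffffc0000000
[  200.000002] Oops: 0000 [#1] PREEMPT SMP
[  200.000003] Modules linked in: examplefs iwlmvm mac80211 cfg80211
[  200.000004] RIP: 0010:examplefs_read+0x10/0x20 [examplefs]
[  200.000005] ---[ end trace 0000000000000000 ]---
[  300.000001] iwlwifi 0000:00:14.3: constructed informational message
EOF
}

sample_log | wifi_crash_triage
```

On a live host, feed it `journalctl -k -b -1` to review the previous boot after an unexpected restart.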
