Login Sign Up

CVE-2023-52768

5.6 MEDIUM
Buffer Overflow

📋 TL;DR

This is a memory corruption vulnerability in the Linux kernel's wilc1000 WiFi driver where improper memory allocation leads to a buffer overflow. Attackers could potentially execute arbitrary code or cause denial of service on systems using this driver. The vulnerability affects Linux systems with the wilc1000 WiFi hardware/driver enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with vulnerable wilc1000 driver code (specific commit ranges before fixes)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if wilc1000 WiFi driver is loaded and used (specific hardware: WILC1000/WILC3000 WiFi chips). Many systems won't have this driver active by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to arbitrary code execution with kernel privileges, potentially resulting in full system compromise.

🟠

Likely Case

System crash or kernel panic causing denial of service, requiring system reboot.

🟢

If Mitigated

Limited impact if KASAN is enabled (detects the issue) or if the vulnerable driver isn't loaded/used.

🌐 Internet-Facing: LOW - Requires local access or WiFi proximity; not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Requires local access to trigger via WiFi operations; could be exploited by malicious internal users or via WiFi-based attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to trigger WiFi operations; KASAN helps detect but doesn't prevent exploitation. No public exploits known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable releases via commits: 05ac1a198a63, 3ce1c2c3999b, 4b0d6ddb6466, 541b3757fd44, 6aaf7cd8bdfe

Vendor Advisory: https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fixes. 2. Check distribution security advisories. 3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable wilc1000 driver

linux

Prevent loading of vulnerable driver module

echo 'blacklist wilc1000' >> /etc/modprobe.d/blacklist.conf
rmmod wilc1000

Disable WiFi interface

linux

Turn off WiFi to prevent driver usage

ip link set wlan0 down

🧯 If You Can't Patch

  • Disable WiFi functionality on affected systems
  • Use alternative network interfaces (Ethernet) instead of WiFi

🔍 How to Verify

Check if Vulnerable:

Check if wilc1000 module is loaded: lsmod | grep wilc1000 AND check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits AND wilc1000 module loads without KASAN errors during WiFi operations

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN error messages mentioning wilc_wlan_handle_txq
  • System crash/reboot events

Network Indicators:

  • Unusual WiFi driver behavior
  • Network interface instability

SIEM Query:

kernel: "BUG: KASAN: slab-out-of-bounds" AND "wilc" OR kernel: "panic" AND "wilc1000"

📊 Metadata

CVE ID: CVE-2023-52768
CVSS v3 Score: 5.6 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
CWE: CWE-129
Published: May 21, 2024
Last Updated: April 2, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52768, you might also want to check these:

CVE-2020-27483 9.9

This vulnerability in Garmin Forerunner 235 devices allows attackers to potentially execute arbitrar...

Same vulnerability type (CWE-129)
CVE-2020-27485 9.9

This vulnerability in Garmin Forerunner 235 devices allows malicious ConnectIQ store applications to...

Same vulnerability type (CWE-129)
CVE-2021-38563 9.8

This vulnerability in Foxit PDF software allows attackers to trigger memory corruption through malfo...

Same vulnerability type (CWE-129)