{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53232", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-15T14:19:21.847Z", "datePublished": "2025-09-15T14:22:04.484Z", "dateUpdated": "2025-09-15T14:22:04.484Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-15T14:22:04.484Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: fix kernel panic by accessing unallocated eeprom.data\n\nThe MT7921 driver no longer uses eeprom.data, but the relevant code has not\nbeen removed completely since\ncommit 16d98b548365 (\"mt76: mt7921: rely on mcu_get_nic_capability\").\nThis could result in potential invalid memory access.\n\nTo fix the kernel panic issue in mt7921, it is necessary to avoid accessing\nunallocated eeprom.data which can lead to invalid memory access.\n\nFurthermore, it is possible to entirely eliminate the\nmt7921_mcu_parse_eeprom function and solely depend on\nmt7921_mcu_parse_response to divide the RxD header.\n\n[2.702735] BUG: kernel NULL pointer dereference, address: 0000000000000550\n[2.702740] #PF: supervisor write access in kernel mode\n[2.702741] #PF: error_code(0x0002) - not-present page\n[2.702743] PGD 0 P4D 0\n[2.702747] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[2.702755] RIP: 0010:mt7921_mcu_parse_response+0x147/0x170 [mt7921_common]\n[2.702758] RSP: 0018:ffffae7c00fef828 EFLAGS: 00010286\n[2.702760] RAX: ffffa367f57be024 RBX: ffffa367cc7bf500 RCX: 0000000000000000\n[2.702762] RDX: 0000000000000550 RSI: 0000000000000000 RDI: ffffa367cc7bf500\n[2.702763] RBP: ffffae7c00fef840 R08: ffffa367cb167000 R09: 0000000000000005\n[2.702764] R10: 0000000000000000 R11: ffffffffc04702e4 R12: ffffa367e8329f40\n[2.702766] R13: 0000000000000000 R14: 0000000000000001 R15: ffffa367e8329f40\n[2.702768] FS: 000079ee6cf20c40(0000) GS:ffffa36b2f940000(0000) knlGS:0000000000000000\n[2.702769] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[2.702775] CR2: 0000000000000550 CR3: 00000001233c6004 CR4: 0000000000770ee0\n[2.702776] PKRU: 55555554\n[2.702777] Call Trace:\n[2.702782] mt76_mcu_skb_send_and_get_msg+0xc3/0x11e [mt76 <HASH:1bc4 5>]\n[2.702785] mt7921_run_firmware+0x241/0x853 [mt7921_common <HASH:6a2f 6>]\n[2.702789] mt7921e_mcu_init+0x2b/0x56 [mt7921e <HASH:d290 7>]\n[2.702792] mt7921_register_device+0x2eb/0x5a5 [mt7921_common <HASH:6a2f 6>]\n[2.702795] ? mt7921_irq_tasklet+0x1d4/0x1d4 [mt7921e <HASH:d290 7>]\n[2.702797] mt7921_pci_probe+0x2d6/0x319 [mt7921e <HASH:d290 7>]\n[2.702799] pci_device_probe+0x9f/0x12a"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7921/mcu.c"], "versions": [{"version": "16d98b548365fcd6fc3fe2e1ae73c9e3cc5ee43d", "lessThan": "11181b6c8641cd417935b76ea997d0169f2db262", "status": "affected", "versionType": "git"}, {"version": "16d98b548365fcd6fc3fe2e1ae73c9e3cc5ee43d", "lessThan": "c8ba6780c65f681d217de79e17d63d5d538a239f", "status": "affected", "versionType": "git"}, {"version": "16d98b548365fcd6fc3fe2e1ae73c9e3cc5ee43d", "lessThan": "ec4d97e8eddcfa9f63f2f62adec5fb4f941ba2ef", "status": "affected", "versionType": "git"}, {"version": "16d98b548365fcd6fc3fe2e1ae73c9e3cc5ee43d", "lessThan": "12db28c3ef31f719bd18fa186a40bb152e6a527c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7921/mcu.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.28", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.15", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.2", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.28"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.2.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.3.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/11181b6c8641cd417935b76ea997d0169f2db262"}, {"url": "https://git.kernel.org/stable/c/c8ba6780c65f681d217de79e17d63d5d538a239f"}, {"url": "https://git.kernel.org/stable/c/ec4d97e8eddcfa9f63f2f62adec5fb4f941ba2ef"}, {"url": "https://git.kernel.org/stable/c/12db28c3ef31f719bd18fa186a40bb152e6a527c"}], "title": "mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: fix kernel panic by accessing unallocated eeprom.data\n\nThe MT7921 driver no longer uses eeprom.data, but the relevant code has not\nbeen removed completely since\ncommit 16d98b548365 (\"mt76: mt7921: rely on mcu_get_nic_capability\").\nThis could result in potential invalid memory access.\n\nTo fix the kernel panic issue in mt7921, it is necessary to avoid accessing\nunallocated eeprom.data which can lead to invalid memory access.\n\nFurthermore, it is possible to entirely eliminate the\nmt7921_mcu_parse_eeprom function and solely depend on\nmt7921_mcu_parse_response to divide the RxD header.\n\n[2.702735] BUG: kernel NULL pointer dereference, address: 0000000000000550\n[2.702740] #PF: supervisor write access in kernel mode\n[2.702741] #PF: error_code(0x0002) - not-present page\n[2.702743] PGD 0 P4D 0\n[2.702747] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[2.702755] RIP: 0010:mt7921_mcu_parse_response+0x147/0x170 [mt7921_common]\n[2.702758] RSP: 0018:ffffae7c00fef828 EFLAGS: 00010286\n[2.702760] RAX: ffffa367f57be024 RBX: ffffa367cc7bf500 RCX: 0000000000000000\n[2.702762] RDX: 0000000000000550 RSI: 0000000000000000 RDI: ffffa367cc7bf500\n[2.702763] RBP: ffffae7c00fef840 R08: ffffa367cb167000 R09: 0000000000000005\n[2.702764] R10: 0000000000000000 R11: ffffffffc04702e4 R12: ffffa367e8329f40\n[2.702766] R13: 0000000000000000 R14: 0000000000000001 R15: ffffa367e8329f40\n[2.702768] FS: 000079ee6cf20c40(0000) GS:ffffa36b2f940000(0000) knlGS:0000000000000000\n[2.702769] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[2.702775] CR2: 0000000000000550 CR3: 00000001233c6004 CR4: 0000000000770ee0\n[2.702776] PKRU: 55555554\n[2.702777] Call Trace:\n[2.702782] mt76_mcu_skb_send_and_get_msg+0xc3/0x11e [mt76 <HASH:1bc4 5>]\n[2.702785] mt7921_run_firmware+0x241/0x853 [mt7921_common <HASH:6a2f 6>]\n[2.702789] mt7921e_mcu_init+0x2b/0x56 [mt7921e <HASH:d290 7>]\n[2.702792] mt7921_register_device+0x2eb/0x5a5 [mt7921_common <HASH:6a2f 6>]\n[2.702795] ? mt7921_irq_tasklet+0x1d4/0x1d4 [mt7921e <HASH:d290 7>]\n[2.702797] mt7921_pci_probe+0x2d6/0x319 [mt7921e <HASH:d290 7>]\n[2.702799] pci_device_probe+0x9f/0x12a"}], "id": "CVE-2023-53232", "lastModified": "2025-09-15T15:22:27.090", "metrics": {}, "published": "2025-09-15T15:15:50.180", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/11181b6c8641cd417935b76ea997d0169f2db262"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/12db28c3ef31f719bd18fa186a40bb152e6a527c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c8ba6780c65f681d217de79e17d63d5d538a239f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ec4d97e8eddcfa9f63f2f62adec5fb4f941ba2ef"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data", "id": "2395322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395322"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2023-53232", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53232\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53232\nhttps://lore.kernel.org/linux-cve-announce/2025091515-CVE-2023-53232-39fa@gregkh/T"], "threat_severity": "Moderate"}