CVE-2023-53717
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()

Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred.

Found by a modified version of syzkaller.

BUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx
Write of size 4
Call Trace:
  memcpy
  ath9k_wmi_ctrl_rx
  ath9k_htc_rx_msg
  ath9k_hif_usb_reg_in_cb
  __usb_hcd_giveback_urb
  usb_hcd_giveback_urb
  dummy_timer
  call_timer_fn
  run_timer_softirq
  __do_softirq
  irq_exit_rcu
  sysvec_apic_timer_interrupt
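The race described above, reduced to a user-space C model (an added example, not the driver's code or the patch itself). Apart from last_seq_id and cmd_rsp_buf, which the description names, every struct, field and function name is hypothetical; the model assumes the callback accepts a response only when its sequence id matches last_seq_id, and a static array stands in for the released stack slot so the program has no undefined behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model of the race; names are hypothetical, not driver code. */
struct wmi_model {
    uint16_t tx_seq_id;    /* last sequence id handed out */
    uint16_t last_seq_id;  /* id of the command still awaited, 0 = none */
    uint8_t *cmd_rsp_buf;  /* where the callback copies the response */
};

static uint8_t stack_slot[4]; /* stands in for the caller's stack buffer */

/* Assumed callback logic: copy the payload only if the sequence id matches. */
static bool rsp_callback(struct wmi_model *w, uint16_t seq, const uint8_t *rsp)
{
    if (seq != w->last_seq_id)
        return false;               /* unexpected response: dropped */
    memcpy(w->cmd_rsp_buf, rsp, 4); /* the 4-byte write KASAN flagged */
    return true;
}

/* Issue a command whose wait times out; returns the sequence id it used. */
static uint16_t cmd_times_out(struct wmi_model *w, bool patched)
{
    w->cmd_rsp_buf = stack_slot;    /* caller's buffer lives in this slot */
    w->last_seq_id = ++w->tx_seq_id;
    /* ... the wait for a response expires here ... */
    if (patched)
        w->last_seq_id = 0;         /* the fix: nothing is awaited any more */
    return w->tx_seq_id;
}

/* True if a late response overwrote memory the caller had already released. */
static bool late_response_corrupts(bool patched)
{
    struct wmi_model w = {0};
    const uint8_t late[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed payload */
    uint16_t seq = cmd_times_out(&w, patched);
    memset(stack_slot, 0xAA, sizeof stack_slot); /* slot reused by other code */
    rsp_callback(&w, seq, late);                 /* device answers too late */
    return stack_slot[0] != 0xAA;
}

int main(void)
{
    printf("unpatched=%d patched=%d\n", late_response_corrupts(false), late_response_corrupts(true));
    return 0;
}
```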
Affected versions
Linux kernel versions 2.6.35 and later are affected. Fixed in 4.14.308, 4.19.276, 5.4.235, 5.10.173, 5.15.99, 6.1.16, 6.2.3, 6.3 and their respective stable series.
References
The following references provide additional information about CVE-2023-53717 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit https://git.kernel.org/stable/c/1af7eacfad45149c54893a8a9df9e92ef89f0a90
- Patch: Kernel patch commit https://git.kernel.org/stable/c/554048a72d7ecfdd58cc1bfb56e0a1864e64e82c
- Patch: Kernel patch commit https://git.kernel.org/stable/c/78b56b0a613a87b61290b95be497fdfe2fe58aa6
Frequently asked questions
- What is CVE-2023-53717?
  CVE-2023-53717 is a Linux kernel vulnerability with an unscored severity. It affects Linux kernel versions from 2.6.35 onward and has been patched in 4.14.308, 4.19.276, 5.4.235 and others. CVE-2023-53717 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2023-53717?
  Yes, CVE-2023-53717 has been patched. Fixed versions include 4.14.308, 4.19.276, 5.4.235 and others. If you are running Linux kernel 2.6.35 or later, up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2023-53717 actively exploited?
  No, CVE-2023-53717 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.