CVE-2023-52644: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is disabled to prevent trying to stop/wake a non-existent queue and failing to stop/wake the actual queue instantiated. Log of issue before change (with kernel parameter qos=0): [ +5.112651] ------------[ cut here ]------------ [ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211] [ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3 [ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)] [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS [ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019 [ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211] [ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00 [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097 [ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000 [ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900 [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0 [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000 [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40 [ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000 [ +0.000001] CS: 0010 DS: 0 ---truncated---
AI Analysis
Technical Summary
CVE-2023-52644 is a vulnerability identified in the Linux kernel's wireless networking subsystem, specifically affecting the Broadcom b43 wireless driver and the mac80211 stack. The issue arises when Quality of Service (QoS) is disabled in the wireless configuration. Under these conditions, the queue priority value does not correctly map to the ieee80211 queue because only a single queue is instantiated. The vulnerability manifests as an incorrect attempt to stop or wake a non-existent queue, leading to failure in managing the actual queue in use. This results in kernel warnings and potentially unstable behavior, as evidenced by kernel logs showing warnings and stack traces related to __ieee80211_wake_queue in mac80211. The root cause is a logic flaw in queue management when QoS is disabled, causing the driver to interact with queue 0 incorrectly. The vulnerability has been addressed by modifying the driver to stop and wake queue 0 explicitly when QoS is disabled, preventing attempts to manipulate non-existent queues. The affected Linux kernel versions include those identified by the commit hash e6f5b934fba8c44c87c551e066aa7ca6fde2939e. There is no indication that this vulnerability has been exploited in the wild, and no CVSS score has been assigned yet. The issue primarily affects systems using the b43 wireless driver, which supports certain Broadcom wireless chipsets, commonly found in older or embedded Linux systems. The vulnerability could lead to system instability or denial of service conditions due to improper queue handling in the wireless driver.
Potential Impact
For European organizations, the impact of CVE-2023-52644 depends largely on the deployment of affected Linux systems using the b43 wireless driver. Organizations relying on Linux servers, desktops, or embedded devices with Broadcom wireless chipsets that use this driver and have QoS disabled may experience system instability or kernel warnings that could degrade wireless network performance or cause temporary denial of service. This could affect operational continuity, especially in environments where wireless connectivity is critical. While this vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability could disrupt services or user productivity. Industries with significant Linux usage in networking equipment, IoT devices, or embedded systems—such as telecommunications, manufacturing, and critical infrastructure—may be more exposed. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or accidental system failures. The impact is mitigated if QoS is enabled or if alternative wireless drivers are used. However, given the widespread use of Linux in European IT environments, particularly in public sector, research institutions, and technology companies, the vulnerability warrants prompt attention to avoid service disruptions.
Mitigation Recommendations
To mitigate CVE-2023-52644, European organizations should: 1) Identify Linux systems using the b43 wireless driver by auditing kernel modules and hardware inventories, focusing on devices with Broadcom wireless chipsets. 2) Verify whether QoS is disabled on these systems; enabling QoS where feasible can prevent the incorrect queue mapping issue. 3) Apply the latest Linux kernel updates or patches that include the fix for this vulnerability, specifically those incorporating the commit e6f5b934fba8c44c87c551e066aa7ca6fde2939e or later. 4) For embedded or specialized devices where kernel updates are not straightforward, consider vendor firmware updates or workarounds that enable QoS or disable the affected driver if not in use. 5) Monitor system logs for kernel warnings related to ieee80211 queue management to detect potential exploitation or instability. 6) Implement network segmentation and access controls to limit exposure of vulnerable wireless devices. 7) Engage with hardware vendors for support on updated drivers or firmware. These steps go beyond generic advice by focusing on driver-specific and configuration-based mitigations tailored to the vulnerability's nature.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2023-52644: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is disabled to prevent trying to stop/wake a non-existent queue and failing to stop/wake the actual queue instantiated. Log of issue before change (with kernel parameter qos=0): [ +5.112651] ------------[ cut here ]------------ [ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211] [ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3 [ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)] [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS [ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019 [ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211] [ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00 [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097 [ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000 [ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900 [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0 [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000 [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40 [ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000 [ +0.000001] CS: 0010 DS: 0 ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2023-52644 is a vulnerability identified in the Linux kernel's wireless networking subsystem, specifically affecting the Broadcom b43 wireless driver and the mac80211 stack. The issue arises when Quality of Service (QoS) is disabled in the wireless configuration. Under these conditions, the queue priority value does not correctly map to the ieee80211 queue because only a single queue is instantiated. The vulnerability manifests as an incorrect attempt to stop or wake a non-existent queue, leading to failure in managing the actual queue in use. This results in kernel warnings and potentially unstable behavior, as evidenced by kernel logs showing warnings and stack traces related to __ieee80211_wake_queue in mac80211. The root cause is a logic flaw in queue management when QoS is disabled, causing the driver to interact with queue 0 incorrectly. The vulnerability has been addressed by modifying the driver to stop and wake queue 0 explicitly when QoS is disabled, preventing attempts to manipulate non-existent queues. The affected Linux kernel versions include those identified by the commit hash e6f5b934fba8c44c87c551e066aa7ca6fde2939e. There is no indication that this vulnerability has been exploited in the wild, and no CVSS score has been assigned yet. The issue primarily affects systems using the b43 wireless driver, which supports certain Broadcom wireless chipsets, commonly found in older or embedded Linux systems. The vulnerability could lead to system instability or denial of service conditions due to improper queue handling in the wireless driver.
Potential Impact
For European organizations, the impact of CVE-2023-52644 depends largely on the deployment of affected Linux systems using the b43 wireless driver. Organizations relying on Linux servers, desktops, or embedded devices with Broadcom wireless chipsets that use this driver and have QoS disabled may experience system instability or kernel warnings that could degrade wireless network performance or cause temporary denial of service. This could affect operational continuity, especially in environments where wireless connectivity is critical. While this vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability could disrupt services or user productivity. Industries with significant Linux usage in networking equipment, IoT devices, or embedded systems—such as telecommunications, manufacturing, and critical infrastructure—may be more exposed. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or accidental system failures. The impact is mitigated if QoS is enabled or if alternative wireless drivers are used. However, given the widespread use of Linux in European IT environments, particularly in public sector, research institutions, and technology companies, the vulnerability warrants prompt attention to avoid service disruptions.
Mitigation Recommendations
To mitigate CVE-2023-52644, European organizations should: 1) Identify Linux systems using the b43 wireless driver by auditing kernel modules and hardware inventories, focusing on devices with Broadcom wireless chipsets. 2) Verify whether QoS is disabled on these systems; enabling QoS where feasible can prevent the incorrect queue mapping issue. 3) Apply the latest Linux kernel updates or patches that include the fix for this vulnerability, specifically those incorporating the commit e6f5b934fba8c44c87c551e066aa7ca6fde2939e or later. 4) For embedded or specialized devices where kernel updates are not straightforward, consider vendor firmware updates or workarounds that enable QoS or disable the affected driver if not in use. 5) Monitor system logs for kernel warnings related to ieee80211 queue management to detect potential exploitation or instability. 6) Implement network segmentation and access controls to limit exposure of vulnerable wireless devices. 7) Engage with hardware vendors for support on updated drivers or firmware. These steps go beyond generic advice by focusing on driver-specific and configuration-based mitigations tailored to the vulnerability's nature.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-03-06T09:52:12.094Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9830c4522896dcbe71bf
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 5:12:00 AM
Last updated: 8/15/2025, 3:48:10 AM
Views: 13
Related Threats
CVE-2025-9087: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighCVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.