
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-53113 is a vulnerability discovered in the Linux kernel's wifi nl80211 subsystem, published on May 2, 2025. The vulnerability specifically affects the offchan check functionality in the kernel's wireless networking components. The issue occurs in AP mode when a link is created by userspace but not yet activated (Wiz, NVD).
The vulnerability manifests as a NULL pointer dereference in the offchan check functionality. When a link is created by userspace but not yet activated in AP mode, the link has a chandef (channel definition), but the chandef is invalid and has no channel, leading to a NULL pointer dereference. The vulnerability has been assigned a CVSS 3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (Red Hat, Wiz).
The vulnerability affects multiple versions of the Linux kernel and various Linux distributions, including the Debian bullseye, bookworm, trixie, and sid releases. The primary impact is on system availability, because of the NULL pointer dereference (Debian Tracker).
Fixes have been released for various Linux distributions. Debian has shipped fixed packages for each affected release: bullseye (5.10.234-1), bookworm (6.1.135-1), trixie (6.12.22-1), and sid (6.12.25-1). Red Hat has deferred fixes for Red Hat Enterprise Linux 9, while versions 6, 7, and 8 are out of support scope (Debian Tracker, Red Hat).
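One way to check a Debian host against the fixed versions listed above, as an added example that is not part of the original report: it compares the installed kernel package version with dpkg's ordering rules (numeric runs compared as numbers, `~` sorting before everything). The function names are hypothetical, and the `uname -v` format it parses (`... Debian <version> (<date>)`) is an assumption about Debian kernel builds.

```python
import re

# Fixed Debian linux package versions, as listed on this page.
FIXED = {"bullseye": "5.10.234-1", "bookworm": "6.1.135-1",
         "trixie": "6.12.22-1", "sid": "6.12.25-1"}

def _order(c):
    # dpkg ordering: '~' sorts before everything, even end of string
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # compare the non-digit run character by character
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if d:
                return d
            i, j = i + 1, j + 1
        # then compare the digit run numerically, so that 22 > 9
        m, n = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        d = int(m or 0) - int(n or 0)
        if d:
            return d
        i, j = i + len(m), j + len(n)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is empty
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Negative, zero or positive as version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def version_from_uname(uname_v):
    # assumed format: "#1 SMP PREEMPT_DYNAMIC Debian 6.1.135-1 (2025-04-25)"
    m = re.search(r"Debian (\S+)", uname_v)
    return m.group(1) if m else None

def is_patched(release, installed):
    return deb_cmp(installed, FIXED[release]) >= 0
```

The check describes the running kernel only when `installed` is taken from it (for example via `version_from_uname` on the output of `uname -v`); a host that has installed the fixed package but not rebooted still runs the old kernel.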
Source: This report was generated using AI