CVE-2023-53575: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's iwlwifi driver was identified and assigned CVE-2023-53575. The issue involves a potential array out-of-bounds access in the wifi subsystem, specifically within the iwlwifi module's mvm component. The vulnerability was disclosed on October 4, 2025, affecting the Linux kernel's wireless networking functionality (RedHat XML, NVD).

The vulnerability is related to improper verification of key_len size in the iwl_mvm_sec_key_add() function, specifically concerning the IWL_SEC_WEP_KEY_OFFSET parameter. The issue has been assigned a CVSS 3.1 base score with the vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H, indicating a moderate severity level. The vulnerability is classified under CWE-125 (Out-of-bounds Read) (RedHat XML).

The vulnerability could potentially lead to an array out-of-bounds access in the Linux kernel's wireless networking functionality. This could result in information disclosure and system stability issues, though the high privilege requirement for exploitation somewhat mitigates the overall impact (RedHat XML).

Red Hat has acknowledged the vulnerability and its status varies across different versions of Red Hat Enterprise Linux. RHEL 8 received a fix through kernel-0:4.18.0-513.5.1.el8_9 (RHSA-2023:7077), while fixes for RHEL 9 and kernel-rt versions are currently deferred. RHEL 6, 7, and 10 are not affected by this vulnerability (RedHat XML).