cve/2024/CVE-2024-53156.md

### [CVE-2024-53156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53156)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.6.35%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=fb9987d0f748c983bb795a86f47522313f701a08%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()I found the following bug in my fuzzer:  UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51  index 255 is out of range for type 'htc_endpoint [22]'  CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014  Workqueue: events request_firmware_work_func  Call Trace:   <TASK>   dump_stack_lvl+0x180/0x1b0   __ubsan_handle_out_of_bounds+0xd4/0x130   htc_issue_send.constprop.0+0x20c/0x230   ? _raw_spin_unlock_irqrestore+0x3c/0x70   ath9k_wmi_cmd+0x41d/0x610   ? mark_held_locks+0x9f/0xe0   ...Since this bug has been confirmed to be caused by insufficient verificationof conn_rsp_epid, I think it would be appropriate to add a range check forconn_rsp_epid to htc_connect_service() to prevent the bug from occurring.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/w4zu/Debian_security
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-53156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53156)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=2.6.35%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=fb9987d0f748c983bb795a86f47522313f701a08%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_firmware_work_func Call Trace: <TASK> dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0 ...Since this bug has been confirmed to be caused by insufficient verificationof conn_rsp_epid, I think it would be appropriate to add a range check forconn_rsp_epid to htc_connect_service() to prevent the bug from occurring.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/w4zu/Debian_security`