CVE-2023-54325

EPSS 0.03%
Veröffentlicht 30.12.2025 12:37:09
Zuletzt bearbeitet 31.12.2025 20:42:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - fix out-of-bounds read

When preparing an AER-CTR request, the driver copies the key provided by
the user into a data structure that is accessible by the firmware.
If the target device is QAT GEN4, the key size is rounded up by 16 since
a rounded up size is expected by the device.
If the key size is rounded up before the copy, the size used for copying
the key might be bigger than the size of the region containing the key,
causing an out-of-bounds read.

Fix by doing the copy first and then update the keylen.

This is to fix the following warning reported by KASAN:

	[  138.150574] BUG: KASAN: global-out-of-bounds in qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat]
	[  138.150641] Read of size 32 at addr ffffffff88c402c0 by task cryptomgr_test/2340

	[  138.150651] CPU: 15 PID: 2340 Comm: cryptomgr_test Not tainted 6.2.0-rc1+ #45
	[  138.150659] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.2208261706 08/26/2022
	[  138.150663] Call Trace:
	[  138.150668]  <TASK>
	[  138.150922]  kasan_check_range+0x13a/0x1c0
	[  138.150931]  memcpy+0x1f/0x60
	[  138.150940]  qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat]
	[  138.151006]  qat_alg_skcipher_init_sessions+0xc1/0x240 [intel_qat]
	[  138.151073]  crypto_skcipher_setkey+0x82/0x160
	[  138.151085]  ? prepare_keybuf+0xa2/0xd0
	[  138.151095]  test_skcipher_vec_cfg+0x2b8/0x800

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 7697139d5dfd491f4c495a914a1dd68f6e827a0f

Version 67916c9516893528ecce060ada1f58af0ce33d93

Status affected

Version < dc3809f390357c8992f0a23083da934a20fef9af

Version 67916c9516893528ecce060ada1f58af0ce33d93

Status affected

Version < 2b1501f058245573a3aa6bf234d205dde1196184

Version 67916c9516893528ecce060ada1f58af0ce33d93

Status affected

Version < f6044cc3030e139f60c281386f28bda6e3049d66

Version 67916c9516893528ecce060ada1f58af0ce33d93

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.11

Status affected

Version < 5.11

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.99

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/7697139d5dfd491f4c495a914a1dd68f6e827a0f

https://git.kernel.org/stable/c/dc3809f390357c8992f0a23083da934a20fef9af

https://git.kernel.org/stable/c/2b1501f058245573a3aa6bf234d205dde1196184

https://git.kernel.org/stable/c/f6044cc3030e139f60c281386f28bda6e3049d66

https://nvd.nist.gov/vuln/detail/CVE-2023-54325

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54325

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54325

EUVD