5.5

CVE-2024-53163

crypto: qat/qat_420xx - fix off by one in uof_get_name()

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat/qat_420xx - fix off by one in uof_get_name()

This is called from uof_get_name_420xx() where "num_objs" is the
ARRAY_SIZE() of fw_objs[].  The > needs to be >= to prevent an out of
bounds access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.8 < 6.11.11
LinuxLinux Kernel Version >= 6.12 < 6.12.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.152
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

https://git.kernel.org/stable/c/91eef1ad75f03d37dba926b73f9dd6f058bc4d58
Patch
https://git.kernel.org/stable/c/93a11608fb3720e1bc2b19a2649ac2b49cca1921
Patch
https://git.kernel.org/stable/c/c23661a36eea840b657e485d48ed88b246da1bb8
Patch