Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-53493

Опубликовано: 01 окт. 2025
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: tighten bounds checking in decode_message()

Copy the bounds checking from encode_message() to decode_message().

This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we don't have a negative size later.

if (msg_hdr_len < sizeof(*trans_hdr))

Ensure that we have enough space to read the next header from the msg->data.

if (msg_len > msg_hdr_len - sizeof(*trans_hdr)) return -EINVAL;

Check that the trans_hdr->len is not below the minimum size:

if (hdr_len < sizeof(*trans_hdr))

This minimum check ensures that we don't corrupt memory in decode_passthrough() when we do.

memcpy(out_trans->data, in_trans->data, len - sizeof(in_trans->hdr));

And finally, use size_add() to prevent an integer overflow:

if (size_add(msg_len, hdr_len) > msg_hdr_len)

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.4 (включая) до 6.4.7 (исключая)
cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*

EPSS

Процентиль: 5%
0.00023
Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2023-53493

CVSS3: 7.8
ubuntu
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decode_message() Copy the bounds checking from encode_message() to decode_message(). This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we don't have a negative size later. if (msg_hdr_len < sizeof(*trans_hdr)) Ensure that we have enough space to read the next header from the msg->data. if (msg_len > msg_hdr_len - sizeof(*trans_hdr)) return -EINVAL; Check that the trans_hdr->len is not below the minimum size: if (hdr_len < sizeof(*trans_hdr)) This minimum check ensures that we don't corrupt memory in decode_passthrough() when we do. memcpy(out_trans->data, in_trans->data, len - sizeof(in_trans->hdr)); And finally, use size_add() to prevent an integer overflow: if (size_add(msg_len, hdr_len) > msg_hdr_len)

debian логотип

CVE-2023-53493

CVSS3: 7.8
debian
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: a ...

github логотип

GHSA-2fq9-3mp7-xw7v

CVSS3: 7.8
github
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decode_message() Copy the bounds checking from encode_message() to decode_message(). This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we don't have a negative size later. if (msg_hdr_len < sizeof(*trans_hdr)) Ensure that we have enough space to read the next header from the msg->data. if (msg_len > msg_hdr_len - sizeof(*trans_hdr)) return -EINVAL; Check that the trans_hdr->len is not below the minimum size: if (hdr_len < sizeof(*trans_hdr)) This minimum check ensures that we don't corrupt memory in decode_passthrough() when we do. memcpy(out_trans->data, in_trans->data, len - sizeof(in_trans->hdr)); And finally, use size_add() to prevent an integer overflow: if (size_add(msg_len, hdr_len) > msg_hdr_len)

fstec логотип

BDU:2025-16122

CVSS3: 8
fstec
7 месяцев назад

Уязвимость функции decode_message() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

SUSE-SU-2025:3751-1

suse-cvrf
4 месяца назад

Security update for the Linux Kernel

EPSS

Процентиль: 5%
0.00023
Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo