CVE-2024-53162

Published: 24 Dec 2024
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat/qat_4xxx - fix off by one in uof_get_name()

The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read.

Report

Relevant only for the latest versions of Red Hat Enterprise Linux 9. The security impact is limited, because the out-of-bounds read can happen only in specific cases when the qat/qat_4xxx crypto accelerator is being used.

Mitigation

To mitigate this issue, prevent module qat_4xxx from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2333981
kernel: crypto: qat/qat_4xxx - fix off by one in uof_get_name()

EPSS

Percentile: 6%
0.00026
Low

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.1
ubuntu
6 months ago

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read.

CVSS3: 7.1
nvd
6 months ago

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read.

CVSS3: 7.1
debian
6 months ago

In the Linux kernel, the following vulnerability has been resolved: c ...

CVSS3: 7.1
github
6 months ago

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read.

CVSS3: 5.3
fstec
9 months ago

Vulnerability in the uof_get_name() function of the QAT_4xxx driver (drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c) of Linux operating systems that allows an attacker to gain unauthorized access to protected information.
