| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100105-CVE-2023-53456-b77a@gregkh> Date: Wed, 1 Oct 2025 13:42:26 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53456: scsi: qla4xxx: Add length check when parsing nlattrs From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails. The Linux kernel CVE team has assigned CVE-2023-53456 to this issue. Affected and fixed versions =========================== Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 4.14.326 with commit cfa6a1a79ed6d336fac7a5d87eb5471e4401829f Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 4.19.295 with commit 5925e224cc6edfef57b20447f18323208461309b Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 5.4.257 with commit 47f3be62eab50b8cd7e1ae5fc2c4dae687497c34 Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 5.10.195 with commit 6d65079c69dc1feb817ed71f5bd15e83a7d6832d Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 5.15.132 with commit f61fc650c47849637fa1771a31a11674c824138a Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 6.1.53 with commit 25feffb3fbd51ae81d92c65cebc0e932663828b3 Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 6.4.16 with commit 4ed21975311247bb84e82298eeb359ec0a0fa84d Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 6.5.3 with commit b018c0440b871d8b001c996e95fa4538bd292de6 Issue introduced in 3.2 with commit 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 and fixed in 6.6 with commit 47cd3770e31df942e2bb925a9a855c79ed0662eb Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53456 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/qla4xxx/ql4_os.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cfa6a1a79ed6d336fac7a5d87eb5471e4401829f https://git.kernel.org/stable/c/5925e224cc6edfef57b20447f18323208461309b https://git.kernel.org/stable/c/47f3be62eab50b8cd7e1ae5fc2c4dae687497c34 https://git.kernel.org/stable/c/6d65079c69dc1feb817ed71f5bd15e83a7d6832d https://git.kernel.org/stable/c/f61fc650c47849637fa1771a31a11674c824138a https://git.kernel.org/stable/c/25feffb3fbd51ae81d92c65cebc0e932663828b3 https://git.kernel.org/stable/c/4ed21975311247bb84e82298eeb359ec0a0fa84d https://git.kernel.org/stable/c/b018c0440b871d8b001c996e95fa4538bd292de6 https://git.kernel.org/stable/c/47cd3770e31df942e2bb925a9a855c79ed0662eb
Powered by blists - more mailing lists