CVE-2023-54179 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

6.6MEDIUM

No vector

EPSS

0.0%

top 89.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf().

Affected Packages4 packages

▶Linuxlinux/linux_kernel2.6.12 — 4.19.291+5

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 — e697f466bf61280b7e996c9ea096d7ec371c31ea+7

▶debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

OSV

scsi: qla2xxx: Array index may go out of bound↗2025-12-30

▶

OSV

CVE-2023-54179: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_s↗2025-12-30

▶

GHSA

GHSA-39wf-xfc6-2r64: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: scsi: qla2xxx: Array index may go out of bound↗2025-12-30

▶

Debian

CVE-2023-54179: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2x...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54179 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶