CVE-2023-54325: Incorrect Calculation of Buffer Size in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 92.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read. When preparing an AES-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, the key size is rounded up by 16, since a rounded-up size is expected by the device. If the key size is rounded up before the copy, the size used for copying the key might be bigger than the size of the region containing

Affected Packages (4 packages)

Linux: linux/linux_kernel, 5.11.0 to 5.15.99 (+2 more)
Debian: linux/linux_kernel, < 6.1.20-1 (+2 more)
CVEListV5: linux/linux, commits 67916c9516893528ecce060ada1f58af0ce33d93 and 7697139d5dfd491f4c495a914a1dd68f6e827a0f (+4 more)
debian: debian/linux, < linux 6.1.20-1 (bookworm)

Vulnerability Details (3)

OSV: crypto: qat - fix out-of-bounds read (2025-12-30)
GHSA: GHSA-r67g-vmvr-rvjq: In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AES-CTR request, the driv (2025-12-30)
OSV: CVE-2023-54325: In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AES-CTR request, the driver (2025-12-30)

Vendor Advisories (2)

Red Hat: kernel: crypto: qat - fix out-of-bounds read (2025-12-30)
Debian: CVE-2023-54325: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: qat... (2023)

Threat Intelligence (1)

Wiz: CVE-2023-54325 Impact, Exploitability, and Mitigation Steps | Wiz