CVE-2023-53456

MEDIUM EPSS 4.5%
Published Oct 1, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 1, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥3.2  –  <4.14.326
linuxlinux_kernel*≥4.15  –  <4.19.295
linuxlinux_kernel*≥4.20  –  <5.4.257
linuxlinux_kernel*≥5.5  –  <5.10.195
linuxlinux_kernel*≥5.11  –  <5.15.132
linuxlinux_kernel*≥5.16  –  <6.1.53
linuxlinux_kernel*≥6.2  –  <6.4.16
linuxlinux_kernel*≥6.5  –  <6.5.3

References 9

  • git.kernel.org https://git.kernel.org/stable/c/25feffb3fbd51ae81d92c65cebc0e932663828b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47cd3770e31df942e2bb925a9a855c79ed0662eb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47f3be62eab50b8cd7e1ae5fc2c4dae687497c34
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ed21975311247bb84e82298eeb359ec0a0fa84d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5925e224cc6edfef57b20447f18323208461309b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6d65079c69dc1feb817ed71f5bd15e83a7d6832d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b018c0440b871d8b001c996e95fa4538bd292de6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cfa6a1a79ed6d336fac7a5d87eb5471e4401829f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f61fc650c47849637fa1771a31a11674c824138a
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/25feffb3fbd51ae81d92c65cebc0e932663828b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47cd3770e31df942e2bb925a9a855c79ed0662eb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47f3be62eab50b8cd7e1ae5fc2c4dae687497c34
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ed21975311247bb84e82298eeb359ec0a0fa84d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5925e224cc6edfef57b20447f18323208461309b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6d65079c69dc1feb817ed71f5bd15e83a7d6832d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b018c0440b871d8b001c996e95fa4538bd292de6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cfa6a1a79ed6d336fac7a5d87eb5471e4401829f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f61fc650c47849637fa1771a31a11674c824138a
    Patch