CVE-2023-53456
Published: Oct 1, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 - < cfa6a1a79ed6d336fac7a5d87eb5471e4401829faffected 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 - < 5925e224cc6edfef57b20447f18323208461309baffected 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 - < 47f3be62eab50b8cd7e1ae5fc2c4dae687497c34affected 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 - < 6d65079c69dc1feb817ed71f5bd15e83a7d6832daffected 00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 - < f61fc650c47849637fa1771a31a11674c824138a+4 more versions |
Linux | Linux | affected 3.2unaffected 0 - < 3.2unaffected 4.14.326 - <= 4.14.*unaffected 4.19.295 - <= 4.19.*unaffected 5.4.257 - <= 5.4.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now