DEBIAN-CVE-2023-54325

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-54325

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54325.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54325

Upstream

CVE-2023-54325

Published

2025-12-30T13:16:21.840Z

Modified

2025-12-31T11:10:44.631301Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, the key size is rounded up by 16 since a rounded up size is expected by the device. If the key size is rounded up before the copy, the size used for copying the key might be bigger than the size of the region containing the key, causing an out-of-bounds read. Fix by doing the copy first and then update the keylen. This is to fix the following warning reported by KASAN: [ 138.150574] BUG: KASAN: global-out-of-bounds in qatalgskcipherinitcom.isra.0+0x197/0x250 [intelqat] [ 138.150641] Read of size 32 at addr ffffffff88c402c0 by task cryptomgrtest/2340 [ 138.150651] CPU: 15 PID: 2340 Comm: cryptomgrtest Not tainted 6.2.0-rc1+ #45 [ 138.150659] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.2208261706 08/26/2022 [ 138.150663] Call Trace: [ 138.150668] <TASK> [ 138.150922] kasancheckrange+0x13a/0x1c0 [ 138.150931] memcpy+0x1f/0x60 [ 138.150940] qatalgskcipherinitcom.isra.0+0x197/0x250 [intelqat] [ 138.151006] qatalgskcipherinitsessions+0xc1/0x240 [intelqat] [ 138.151073] cryptoskciphersetkey+0x82/0x160 [ 138.151085] ? preparekeybuf+0xa2/0xd0 [ 138.151095] testskciphervec_cfg+0x2b8/0x800

References

https://security-tracker.debian.org/tracker/CVE-2023-54325

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54325.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54325.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54325.json"