CVE-2023-53456 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla4xxx: Add length check when parsing nlattrs

There are three places that qla4xxx parses nlattrs:

- qla4xxx_set_chap_entry()
- qla4xxx_iface_set_param()
- qla4xxx_sysfs_ddb_set_param()

and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data.

Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails.
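The unchecked and checked patterns described above, as a user-space C model added here for illustration; it is not the kernel patch or qla4xxx code. struct demo_param, struct demo_msg, make_msg() and the read_value_*() functions are hypothetical names, and the nlattr helpers are simplified stand-ins for the kernel's.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model of a netlink attribute header: 4 bytes, then the payload. */
struct nlattr { uint16_t nla_len; uint16_t nla_type; };
#define NLA_HDRLEN ((int)sizeof(struct nlattr))

/* Hypothetical payload struct, and a constructed sample message (header + payload). */
struct demo_param { uint32_t param; uint32_t value; };
struct demo_msg { struct nlattr hdr; struct demo_param body; };

/* Payload length claimed by the header; negative if nla_len < NLA_HDRLEN. */
static int nla_len(const struct nlattr *nla) { return (int)nla->nla_len - NLA_HDRLEN; }
static const void *nla_data(const struct nlattr *nla) { return (const char *)nla + NLA_HDRLEN; }

/* Unchecked pattern: assumes a full struct is present, so a short nlattr is read past its end. */
uint32_t read_value_unchecked(const struct nlattr *attr)
{
    return ((const struct demo_param *)nla_data(attr))->value;
}

/* Checked pattern: validate nla_len before touching the payload, else -EINVAL. */
int read_value_checked(const struct nlattr *attr, uint32_t *out)
{
    struct demo_param p;
    /* Signed comparison, so a negative payload length is rejected as well. */
    if (nla_len(attr) < (int)sizeof(p))
        return -EINVAL;
    memcpy(&p, nla_data(attr), sizeof(p));
    *out = p.value;
    return 0;
}

/* Build a sample attribute whose header claims claimed_len payload bytes. */
struct demo_msg make_msg(uint16_t claimed_len, uint32_t value)
{
    return (struct demo_msg){ { (uint16_t)(NLA_HDRLEN + claimed_len), 1 }, { 7, value } };
}

int main(void)
{
    struct demo_msg full = make_msg(sizeof(struct demo_param), 42), empty = make_msg(0, 42);
    uint32_t v = 0;
    int rc_full = read_value_checked(&full.hdr, &v), rc_empty = read_value_checked(&empty.hdr, &v);
    printf("full: rc=%d value=%u, empty: rc=%d\n", rc_full, (unsigned)v, rc_empty);
    return 0;
}
```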


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/25feffb3fbd51ae81d92c65cebc0e932663828b3 kernel.org
https://git.kernel.org/stable/c/47cd3770e31df942e2bb925a9a855c79ed0662eb kernel.org
https://git.kernel.org/stable/c/47f3be62eab50b8cd7e1ae5fc2c4dae687497c34 kernel.org
https://git.kernel.org/stable/c/4ed21975311247bb84e82298eeb359ec0a0fa84d kernel.org
https://git.kernel.org/stable/c/5925e224cc6edfef57b20447f18323208461309b kernel.org
https://git.kernel.org/stable/c/6d65079c69dc1feb817ed71f5bd15e83a7d6832d kernel.org
https://git.kernel.org/stable/c/b018c0440b871d8b001c996e95fa4538bd292de6 kernel.org
https://git.kernel.org/stable/c/cfa6a1a79ed6d336fac7a5d87eb5471e4401829f kernel.org
https://git.kernel.org/stable/c/f61fc650c47849637fa1771a31a11674c824138a kernel.org

Quick Info

CVE Dictionary Entry: CVE-2023-53456
NVD Published Date: 10/01/2025
NVD Last Modified: 10/02/2025
Source: kernel.org