CVE-2024-53162

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat/qat_4xxx - fix off by one in uof_get_name()

The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux10484c647af6b1952d1675e83be9cc976cdb6a96 < 05c9a7a5344425860202a8f3efea4d8ed2d10edbaffected
LinuxLinux10484c647af6b1952d1675e83be9cc976cdb6a96 < e69d2845aaa080960f38761f78fd25aa856620c6affected
LinuxLinux10484c647af6b1952d1675e83be9cc976cdb6a96 < 700852528fc5295897d6089eea0656d67f9b9d88affected
LinuxLinux10484c647af6b1952d1675e83be9cc976cdb6a96 < 475b5098043eef6e72751aadeab687992a5b63d1affected
LinuxLinux6.5affected
LinuxLinux0 < 6.5unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References