Home

Description

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decode_message() Copy the bounds checking from encode_message() to decode_message(). This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we don't have a negative size later. if (msg_hdr_len < sizeof(*trans_hdr)) Ensure that we have enough space to read the next header from the msg->data. if (msg_len > msg_hdr_len - sizeof(*trans_hdr)) return -EINVAL; Check that the trans_hdr->len is not below the minimum size: if (hdr_len < sizeof(*trans_hdr)) This minimum check ensures that we don't corrupt memory in decode_passthrough() when we do. memcpy(out_trans->data, in_trans->data, len - sizeof(in_trans->hdr)); And finally, use size_add() to prevent an integer overflow: if (size_add(msg_len, hdr_len) > msg_hdr_len)

PUBLISHED Reserved 2025-10-01 | Published 2025-10-01 | Updated 2025-10-01 | Assigner Linux

Product status

Default status
unaffected

129776ac2e38231fa9c02ce20e116c99de291666 before 57d14cb3bae4619ce2fb5235cb318c3d5d8f53fd
affected

129776ac2e38231fa9c02ce20e116c99de291666 before 51b56382ed2a2b03347372272362b3baa623ed1e
affected

Default status
affected

6.4
affected

Any version before 6.4
unaffected

6.4.7
unaffected

6.5
unaffected

References

git.kernel.org/...c/57d14cb3bae4619ce2fb5235cb318c3d5d8f53fd

git.kernel.org/...c/51b56382ed2a2b03347372272362b3baa623ed1e

cve.org (CVE-2023-53493)

nvd.nist.gov (CVE-2023-53493)

Download JSON