PT-2025-40163 · Linux+3 · Linux Kernel+3

Published

2023-07-25

Updated

2025-11-19

CVE-2023-53456

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the qla4xxx driver within the Linux kernel related to parsing network attributes (nlattrs). Specifically, the qla4xxx set chap entry(), qla4xxx iface set param(), and qla4xxx sysfs ddb set param() functions directly convert nlattrs to structure pointers without validating their length. A malformed nlattr, such as one with a length of 0, could lead to an out-of-bounds (OOB) read, potentially exposing heap data. The issue is addressed by adding a length check before accessing the nlattr data and returning an error if the check fails.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2026-03824

CVE-2023-53456

OESA-2025-2533

SUSE-SU-2025:03600-1

SUSE-SU-2025:03614-1

SUSE-SU-2025:03615-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:3761-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

Affected Products

Astra Linux

Linux Kernel

Suse

Qla4Xxx Driver

PT-2025-40163 · Linux+3 · Linux Kernel+3

CVE-2023-53456

Weakness Enumeration

Related Identifiers

Affected Products

References · 2063