PT-2025-40200 · Linux+1 · Linux Kernel+1

Published: 2025-07-11 · Updated: 2025-11-19 · CVE-2023-53493

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's qaic component: the decode_message() function performs insufficient bounds checking. Message lengths and header sizes are not properly validated, which can lead to memory corruption during decoding. The patch copies the bounds checking from encode_message() to decode_message(), ensuring that there is enough space for the headers and that size calculations cannot go negative. It also adds checks that reject a trans_hdr->len below a minimum size and uses size_add() to prevent integer overflows. The decode_passthrough() function is particularly susceptible to memory corruption if these checks are not in place.

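The checks listed in the description, as an added user-space C example (not the kernel's qaic code and not taken from this page). The struct layouts and the names decode_checked, sat_add and run_sample are hypothetical; sat_add stands in for the kernel's size_add().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format, constructed for this example (not the qaic layout). */
struct msg_hdr   { uint32_t magic, count, len; };  /* len: total message bytes */
struct trans_hdr { uint32_t type, len; };          /* len: includes this header */

/* Saturating add in the spirit of the kernel's size_add(): wraps become SIZE_MAX. */
static size_t sat_add(size_t a, size_t b) { return a > SIZE_MAX - b ? SIZE_MAX : a + b; }

/* Returns the number of transactions walked, or -1 if the message is malformed. */
int decode_checked(const uint8_t *buf, size_t buf_len)
{
    struct msg_hdr mh;
    struct trans_hdr th;
    size_t off = sizeof(mh);
    uint32_t i;

    if (buf_len < sizeof(mh))
        return -1;                      /* no room for the message header */
    memcpy(&mh, buf, sizeof(mh));
    if (mh.len < sizeof(mh) || mh.len > buf_len)
        return -1;                      /* declared length must fit the buffer */
    for (i = 0; i < mh.count; i++) {
        if (sat_add(off, sizeof(th)) > mh.len)
            return -1;                  /* no room left for a transaction header */
        memcpy(&th, buf + off, sizeof(th));
        if (th.len < sizeof(th))
            return -1;                  /* len - sizeof(th) would go negative */
        if (sat_add(off, th.len) > mh.len)
            return -1;                  /* payload runs past the message end */
        off += th.len;
    }
    return (int)i;
}

/* Constructed sample: a message with one transaction whose len field is trans_len. */
int run_sample(uint32_t trans_len)
{
    uint8_t buf[sizeof(struct msg_hdr) + 16] = {0};
    struct msg_hdr mh = { 0x1234, 1, (uint32_t)sizeof(buf) };
    struct trans_hdr th = { 1, trans_len };

    memcpy(buf, &mh, sizeof(mh));
    memcpy(buf + sizeof(mh), &th, sizeof(th));
    return decode_checked(buf, sizeof(buf));
}
```
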
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow


Weakness Enumeration

Related Identifiers

BDU:2025-16122
CVE-2023-53493
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Linux Kernel
Suse