CVE-2023-54179
Unknown Unknown - Not Provided
Array Index Out-of-Bounds in Linux Kernel qla2xxx Driver

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54179
EUVD
EUVD-2023-60462
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's scsi qla2xxx driver involves an array index going out of bounds. Specifically, the array 'vha->host_str' of size 16 may be accessed with index values from 16 to 19, which exceeds its allocated size. The issue arises from using sprintf() instead of the safer snprintf(), which can lead to buffer overflows or memory corruption.

Impact Analysis

The out-of-bounds array access can cause memory corruption, potentially leading to system instability, crashes, or security issues such as privilege escalation or denial of service if exploited.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54179. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart