CVE-2023-54325
Out-of-Bounds Read in Linux Kernel QAT Crypto Driver

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - fix out-of-bounds read

When preparing an AES-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, the key size is rounded up by 16 since a rounded up size is expected by the device. If the key size is rounded up before the copy, the size used for copying the key might be bigger than the size of the region containing the key, causing an out-of-bounds read.

Fix by doing the copy first and then update the keylen.

This is to fix the following warning reported by KASAN:

[ 138.150574] BUG: KASAN: global-out-of-bounds in qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat]
[ 138.150641] Read of size 32 at addr ffffffff88c402c0 by task cryptomgr_test/2340
[ 138.150651] CPU: 15 PID: 2340 Comm: cryptomgr_test Not tainted 6.2.0-rc1+ #45
[ 138.150659] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.2208261706 08/26/2022
[ 138.150663] Call Trace:
[ 138.150668] <TASK>
[ 138.150922] kasan_check_range+0x13a/0x1c0
[ 138.150931] memcpy+0x1f/0x60
[ 138.150940] qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat]
[ 138.151006] qat_alg_skcipher_init_sessions+0xc1/0x240 [intel_qat]
[ 138.151073] crypto_skcipher_setkey+0x82/0x160
[ 138.151085] ? prepare_keybuf+0xa2/0xd0
[ 138.151095] test_skcipher_vec_cfg+0x2b8/0x800

Meta Information

Published: 2025-12-30
Last Modified: 2025-12-30
Generated: 2026-05-06
AI Q&A: 2025-12-30
EPSS Evaluated: 2026-05-05

Affected Vendors & Products

Vendor: intel
Product: qat
Version / Range: *

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an out-of-bounds read in the Linux kernel's Intel QAT (QuickAssist Technology) driver. When preparing an AES-CTR request, the driver copies a user-provided key into a data structure accessible by the firmware. For QAT GEN4 devices, the key size is rounded up to a multiple of 16 bytes because the device expects a rounded-up size. If this rounding happens before the copy, the copy uses the rounded-up size and may read beyond the end of the region that holds the key, causing an out-of-bounds read. The fix copies the key first and only then updates the key length, so the copy never reads outside the key's memory.
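
The two orderings described above, as an added user-space example (not the driver's code). The structure, function names and ROUND_UP16 macro are hypothetical, and the 24-byte key with 8 neighbouring bytes is constructed so that the over-read stays inside one array and can be observed safely.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stands in for the kernel's round_up(n, 16); the macro name is made up here. */
#define ROUND_UP16(n) (((n) + 15u) & ~(size_t)15u)

/* Hypothetical stand-in for the firmware-visible key structure. */
struct fw_cipher_cd {
    uint8_t key[32];
    size_t keylen;
};

/* "Before" ordering: the length is rounded first, so memcpy reads past the key. */
static void setkey_round_then_copy(struct fw_cipher_cd *cd, const uint8_t *key, size_t keylen)
{
    keylen = ROUND_UP16(keylen);
    memcpy(cd->key, key, keylen);
    cd->keylen = keylen;
}

/* Fixed ordering: copy exactly the caller's keylen, then round the stored length. */
static void setkey_copy_then_round(struct fw_cipher_cd *cd, const uint8_t *key, size_t keylen)
{
    memcpy(cd->key, key, keylen);
    cd->keylen = ROUND_UP16(keylen);
}

/* Constructed sample: 24 key bytes (0x11) followed by 8 unrelated bytes (0xEE).
 * Returns how many unrelated bytes ended up in the firmware-visible copy. */
static size_t leaked_bytes(int fixed, size_t *stored_len)
{
    uint8_t region[32];
    struct fw_cipher_cd cd;
    size_t i, n = 0;

    memset(region, 0x11, 24);
    memset(region + 24, 0xEE, 8);
    memset(&cd, 0, sizeof(cd));
    if (fixed)
        setkey_copy_then_round(&cd, region, 24);
    else
        setkey_round_then_copy(&cd, region, 24);
    for (i = 24; i < sizeof(cd.key); i++)
        n += (cd.key[i] == 0xEE);
    *stored_len = cd.keylen;
    return n;
}

int main(void)
{
    size_t len;
    printf("round-then-copy leaked %zu bytes\n", leaked_bytes(0, &len));
    printf("copy-then-round leaked %zu bytes, keylen %zu\n", leaked_bytes(1, &len), len);
    return 0;
}
```

Both orderings store a key length of 32, which is what the device expects; only the number of bytes read from the caller's key differs.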


How can this vulnerability impact me?

This vulnerability can lead to an out-of-bounds read in kernel memory, which may cause system instability, crashes, or potentially expose sensitive information from adjacent memory areas. Since it involves reading beyond the intended memory region, it could be exploited to leak data or cause denial of service in systems using the affected Intel QAT driver.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

On kernels built with KASAN (Kernel Address Sanitizer) enabled, this vulnerability can be detected by monitoring kernel logs for KASAN warnings related to the intel_qat driver, specifically messages indicating out-of-bounds reads such as 'BUG: KASAN: global-out-of-bounds in qat_alg_skcipher_init_com'. You can check the kernel log using commands like 'dmesg | grep -i qat' or 'journalctl -k | grep -i qat' to look for such warnings.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is fixed, as the issue is resolved by changing the order of copying and updating the key length in the intel_qat driver. Until an update is applied, avoid using the affected QAT GEN4 device features that trigger the vulnerability if possible.

