In the Linux kernel, the following vulnerability has been resolved:
accel/qaic: tighten bounds checking in decode_message()
Copy the bounds checking from encode_message() to decode_message().
This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we don't have a negative size later.
    if (msg_hdr_len < sizeof(*trans_hdr))
Ensure that we have enough space to read the next header from the msg->data.
    if (msg_len > msg_hdr_len - sizeof(*trans_hdr))
        return -EINVAL;
Check that the trans_hdr->len is not below the minimum size:
    if (hdr_len < sizeof(*trans_hdr))
This minimum check ensures that we don't corrupt memory in decode_passthrough() when we do.
    memcpy(out_trans->data, in_trans->data, len - sizeof(in_trans->hdr));
And finally, use size_add() to prevent an integer overflow:
    if (size_add(msg_len, hdr_len) > msg_hdr_len)
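
The four checks above, put together in a user-space decode loop as an added example (not the qaic driver's code, and not part of the original advisory). The structs, `decode_checked()` and `sat_add()` are hypothetical; `sat_add()` stands in for the kernel's `size_add()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire layout for this example; not the qaic driver's structs. */
struct trans_hdr { uint32_t type; uint32_t len; };      /* len = header + payload */
struct msg_buf { uint32_t count; uint8_t data[64]; };   /* count = transactions */

/* User-space stand-in for the kernel's size_add(): saturates at SIZE_MAX. */
static size_t sat_add(size_t a, size_t b)
{
    return a > SIZE_MAX - b ? SIZE_MAX : a + b;
}

/* Walk msg->data (msg_hdr_len valid bytes), copying payloads into out.
 * Returns the number of payload bytes copied, or -1 on a malformed message. */
long decode_checked(const struct msg_buf *msg, size_t msg_hdr_len,
                    uint8_t *out, size_t out_cap)
{
    struct trans_hdr hdr;
    size_t msg_len = 0, copied = 0, hdr_len, payload;

    /* Check 1: room for one header (within the buffer), so check 2 cannot wrap. */
    if (msg_hdr_len < sizeof(hdr) || msg_hdr_len > sizeof(msg->data))
        return -1;

    for (uint32_t i = 0; i < msg->count; i++) {
        /* Check 2: the next header must lie wholly inside the valid bytes. */
        if (msg_len > msg_hdr_len - sizeof(hdr))
            return -1;
        memcpy(&hdr, msg->data + msg_len, sizeof(hdr));
        hdr_len = hdr.len;

        /* Check 3: len below the header size would wrap the payload length. */
        if (hdr_len < sizeof(hdr))
            return -1;
        /* Check 4: saturating add, so the sum cannot wrap below the bound. */
        if (sat_add(msg_len, hdr_len) > msg_hdr_len)
            return -1;

        payload = hdr_len - sizeof(hdr);   /* safe because of check 3 */
        if (payload > out_cap - copied)
            return -1;
        memcpy(out + copied, msg->data + msg_len + sizeof(hdr), payload);
        copied += payload;
        msg_len += hdr_len;
    }
    return (long)copied;
}
```
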
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53493.json"
}
[
{
"signature_type": "Function",
"digest": {
"length": 1062.0,
"function_hash": "120533787261114499327101449793903427192"
},
"signature_version": "v1",
"target": {
"function": "decode_message",
"file": "drivers/accel/qaic/qaic_control.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@57d14cb3bae4619ce2fb5235cb318c3d5d8f53fd",
"id": "CVE-2023-53493-10ea2f02",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1062.0,
"function_hash": "120533787261114499327101449793903427192"
},
"signature_version": "v1",
"target": {
"function": "decode_message",
"file": "drivers/accel/qaic/qaic_control.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51b56382ed2a2b03347372272362b3baa623ed1e",
"id": "CVE-2023-53493-5b162a33",
"deprecated": false
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53493.json"