Out-of-Bounds Read Vulnerability in Intel QAT Driver for Linux Kernel
CVE-2023-54325

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 30 December 2025

What is CVE-2023-54325?

A vulnerability in the Intel QuickAssist Technology (QAT) driver for the Linux kernel allows an out-of-bounds read when handling AES-CTR requests. The issue arises while the driver copies the key: it rounds the key size before performing the copy, so the copy can use a length larger than the region that holds the key. The driver may then read memory outside the allocated area, potentially exposing sensitive data. The fix performs the copy first and determines the rounded key length only afterwards.
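The ordering bug described above, modelled in user space as an added example; it is not the QAT driver's code. The 16-byte rounding granularity, `struct dev_desc` and the function names are assumptions made for illustration, and the input buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_ALIGN 16u /* assumed rounding granularity; not stated on the page */
#define ROUND_UP(n, a) ((((n) + (a) - 1) / (a)) * (a))

/* Hypothetical stand-in for the key area the driver shares with the device. */
struct dev_desc { uint8_t key[32]; size_t keylen; };

/* Before the fix: round first, so memcpy reads past the caller's key. */
static void setkey_before(struct dev_desc *d, const uint8_t *key, size_t keylen)
{
    keylen = ROUND_UP(keylen, KEY_ALIGN);
    memcpy(d->key, key, keylen);
    d->keylen = keylen;
}

/* After the fix: copy exactly keylen bytes, then round the stored length. */
static void setkey_after(struct dev_desc *d, const uint8_t *key, size_t keylen)
{
    memcpy(d->key, key, keylen);
    d->keylen = ROUND_UP(keylen, KEY_ALIGN);
}

typedef void (*setkey_fn)(struct dev_desc *, const uint8_t *, size_t);

/* Constructed input: keylen bytes of 0x11 followed by unrelated 0xAA bytes in
 * one array, so the over-read stays inside the array and is safe to run.
 * Returns how many non-key bytes ended up in the device-visible key area. */
static size_t leaked_bytes(setkey_fn fn, size_t keylen)
{
    uint8_t arena[64];
    struct dev_desc d = {{0}, 0};
    size_t i, n = 0;
    memset(arena, 0xAA, sizeof(arena));
    memset(arena, 0x11, keylen);
    fn(&d, arena, keylen);
    for (i = 0; i < sizeof(d.key); i++)
        n += (d.key[i] == 0xAA);
    return n;
}

int main(void)
{
    size_t lens[] = {16, 24, 32}; /* AES-128/192/256 key sizes in bytes */
    for (size_t i = 0; i < 3; i++)
        printf("keylen %zu: before=%zu after=%zu\n", lens[i],
               leaked_bytes(setkey_before, lens[i]), leaked_bytes(setkey_after, lens[i]));
    return 0;
}
```

Under the assumed 16-byte granularity, only the 24-byte key is not already aligned, so it is the case where the pre-fix ordering copies bytes that are not part of the key.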

Affected Version(s)

Linux 67916c9516893528ecce060ada1f58af0ce33d93 < 7697139d5dfd491f4c495a914a1dd68f6e827a0f

Linux 67916c9516893528ecce060ada1f58af0ce33d93

Linux 67916c9516893528ecce060ada1f58af0ce33d93 < 2b1501f058245573a3aa6bf234d205dde1196184
