CVE-2023-54179

Vulnerability

CVE-2023-54179 is an out-of-bounds array index vulnerability in the Linux kernel's qla2xxx SCSI driver. The issue was reported by Klocwork static analysis, which identified that the array vha->host_str, defined with a size of 16, could be accessed using index values 16 through 19. This occurs because the code used sprintf() without length checking, allowing writes beyond the allocated buffer.

Exploitation

Exploitation requires no special privileges beyond the ability to trigger the vulnerable code path in the qla2xxx driver. The attack surface is local, as the driver is part of the kernel and accessible to users with sufficient permissions to interact with SCSI devices. The vulnerability is a classic buffer overflow caused by unbounded string formatting.

Impact

An attacker who successfully triggers the out-of-bounds write could corrupt adjacent kernel memory, potentially leading to system instability, denial of service, or privilege escalation. The exact impact depends on the memory layout and what data is overwritten.

Mitigation

The fix replaces sprintf() with snprintf(), which limits the number of bytes written to the array, preventing the out-of-bounds access. The patch has been applied to the stable kernel branches as referenced in the commit logs [1][2][3]. Users should update their kernels to include this fix.