CVE-2024-53163: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53163 affects the Linux kernel's crypto subsystem, specifically in the Intel QuickAssist Technology (QAT) 420xx driver. The vulnerability was discovered and disclosed on December 24, 2024. The issue involves an off-by-one error in the uofgetname() function, which is called from uofgetname420xx() where 'numobjs' is the ARRAYSIZE() of fwobjs[]. The vulnerability affects Linux kernel versions from 6.8 to 6.11.11 and 6.12 to 6.12.2 (NVD).

The vulnerability stems from an incorrect boundary check in the uofgetname() function within the QAT 420xx driver. The condition 'id > numobjs' needs to be changed to 'id >= numobjs' to prevent an out-of-bounds access. This issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-193 (Off-by-one Error) (NVD, Kernel Patch).

The vulnerability could allow an attacker to cause an out-of-bounds access in the kernel's crypto subsystem, potentially leading to system crashes or denial of service conditions. The impact is limited to availability with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in the Linux kernel through patches that correct the boundary check condition. The fix changes the comparison operator from '>' to '>=' in the affected code. Users should upgrade to patched kernel versions. The fix has been backported to affected stable kernel versions (Kernel Patch).