CVE-2023-53729 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

6.6MEDIUM

No vector

EPSS

0.0%

top 88.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 22

Description

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this will cause an out of bounds access when the NULL character is appended in decoding.

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.16.0 — 4.19.295+5

▶Debianlinux/linux_kernel< 5.10.197-1+3

▶CVEListV5linux/linux9b8a11e82615274d4133aab3cf5aa1c59191f0a2 — 6b58859e7c4ac357517a59f0801e8ce1b58a8ee2+7

▶debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

OSV

soc: qcom: qmi_encdec: Restrict string length in decode↗2025-10-22

▶

OSV

CVE-2023-53729: In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for stri↗2025-10-22

▶

GHSA

GHSA-x9cj-hfg7-wvpw: In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for st↗2025-10-22

▶

📋Vendor Advisories

Red Hat

kernel: soc: qcom: qmi_encdec: Restrict string length in decode↗2025-10-22

▶

Debian

CVE-2023-53729: linux - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ...↗2023

▶