CVE-2023-53729
soc: qcom: qmi_encdec: Restrict string length in decode
Description
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this will cause an out of bounds access when the NULL character is appended in decoding.
INFO
Published Date :
Oct. 22, 2025, 2:15 p.m.
Last Modified :
Oct. 22, 2025, 9:12 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the Linux kernel qmi_encdec string length restriction patch.
- Ensure string lengths do not exceed MAX_LEN + 1.
- Verify proper NULL character termination during decoding.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-53729.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-53729 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-53729
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-53729 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-53729 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 22, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this will cause an out of bounds access when the NULL character is appended in decoding. Added Reference https://git.kernel.org/stable/c/22ee7c9c7f381be178b4457bc54530002e08e938 Added Reference https://git.kernel.org/stable/c/2ccab9f82772ead618689d17dbc6950d6bd1e741 Added Reference https://git.kernel.org/stable/c/64c5e916fabe5ef7bef0210b8a59fa8941ee1b8e Added Reference https://git.kernel.org/stable/c/6b58859e7c4ac357517a59f0801e8ce1b58a8ee2 Added Reference https://git.kernel.org/stable/c/8d207400fd6b79c92aeb2f33bb79f62dff904ea2 Added Reference https://git.kernel.org/stable/c/b2f39b813d1eed4a522428d1e6acd7dfe9b81579 Added Reference https://git.kernel.org/stable/c/f6250ecb7fbb934b89539e7e2ba6c1d8555c0975