{"id":"CVE-2023-53729","summary":"soc: qcom: qmi_encdec: Restrict string length in decode","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccounts for null-terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 in length, this will cause an out-of-bounds access\nwhen the terminating NUL character is appended in decoding.","modified":"2026-04-02T09:45:01.156034Z","published":"2025-10-22T13:23:57.739Z","related":["SUSE-SU-2025:21040-1","SUSE-SU-2025:21052-1","SUSE-SU-2025:21056-1","SUSE-SU-2025:21064-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4128-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4140-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4301-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53729.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/22ee7c9c7f381be178b4457bc54530002e08e938"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2ccab9f82772ead618689d17dbc6950d6bd1e741"},{"type":"WEB","url":"https://git.kernel.org/stable/c/64c5e916fabe5ef7bef0210b8a59fa8941ee1b8e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6b58859e7c4ac357517a59f0801e8ce1b58a8ee2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8d207400fd6b79c92aeb2f33bb79f62dff904ea2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b2f39b813d1eed4a522428d1e6acd7dfe9b81579"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f6250ecb7fbb934b89539e7e2ba6c1d8555c0975"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53729.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53729"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/
pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9b8a11e82615274d4133aab3cf5aa1c59191f0a2"},{"fixed":"6b58859e7c4ac357517a59f0801e8ce1b58a8ee2"},{"fixed":"64c5e916fabe5ef7bef0210b8a59fa8941ee1b8e"},{"fixed":"2ccab9f82772ead618689d17dbc6950d6bd1e741"},{"fixed":"b2f39b813d1eed4a522428d1e6acd7dfe9b81579"},{"fixed":"f6250ecb7fbb934b89539e7e2ba6c1d8555c0975"},{"fixed":"22ee7c9c7f381be178b4457bc54530002e08e938"},{"fixed":"8d207400fd6b79c92aeb2f33bb79f62dff904ea2"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53729.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.16.0"},{"fixed":"4.19.295"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.257"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.195"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.132"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.54"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.5.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53729.json"}}],"schema_version":"1.7.5"}