CVE-2023-53729

The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this will cause an out of bounds access when the NULL character is appended in decoding.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53729.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9b8a11e82615274d4133aab3cf5aa1c59191f0a2

Fixed

6b58859e7c4ac357517a59f0801e8ce1b58a8ee2

Fixed

64c5e916fabe5ef7bef0210b8a59fa8941ee1b8e

Fixed

2ccab9f82772ead618689d17dbc6950d6bd1e741

Fixed

b2f39b813d1eed4a522428d1e6acd7dfe9b81579

Fixed

f6250ecb7fbb934b89539e7e2ba6c1d8555c0975

Fixed

22ee7c9c7f381be178b4457bc54530002e08e938

Fixed

8d207400fd6b79c92aeb2f33bb79f62dff904ea2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53729.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.16.0

Fixed

4.19.295

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.257

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.195

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.132

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.54

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.5.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53729.json"