PT-2025-40720 · Linux+3 · Linux Kernel+3

Published: 2021-11-09 · Updated: 2025-12-04 · CVE-2023-53578

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains an uninitialized variable access flaw in the qrtr_tx_resume() function. qrtr_endpoint_post() does not sufficiently check the packet size when handling QRTR_TYPE_RESUME_TX, so qrtr_tx_resume() can read an uninitialized variable. This condition is triggered under specific Syzbot scenarios. qrtr_tx_resume() requires skb->len to be at least sizeof(struct qrtr_ctrl_pkt), and qrtr_endpoint_post() is where that size has to be enforced. The vulnerability is related to the handling of network packets and the qrtr (Qualcomm Radio Transport) protocol.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
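
The size check the description refers to, shown as an added example: this is a simplified user-space model, not kernel code and not the upstream patch. All `demo_`/`DEMO_` names, the three-field packet layout and the type values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the QRTR packet types (values are illustrative). */
#define DEMO_TYPE_DATA      1u
#define DEMO_TYPE_RESUME_TX 7u

/* Simplified stand-in for struct qrtr_ctrl_pkt (hypothetical layout). */
struct demo_ctrl_pkt { uint32_t cmd; uint32_t node; uint32_t port; };

enum demo_verdict { DEMO_ACCEPT = 0, DEMO_NOT_CONTROL = 1, DEMO_DROP_SHORT = -1 };

/* Bytes a handler would read past the received payload if it trusted the
 * packet type alone: the memory that would be uninitialized. */
size_t demo_unbacked_bytes(size_t len)
{
    return len < sizeof(struct demo_ctrl_pkt) ? sizeof(struct demo_ctrl_pkt) - len : 0;
}

/* Models the receive path: a RESUME_TX payload is parsed only when it is
 * large enough to hold a whole control packet; otherwise it is dropped. */
int demo_endpoint_post(uint32_t type, const uint8_t *payload, size_t len,
                       struct demo_ctrl_pkt *out)
{
    if (type != DEMO_TYPE_RESUME_TX)
        return DEMO_NOT_CONTROL;
    if (len < sizeof(struct demo_ctrl_pkt))   /* the minimum-size requirement */
        return DEMO_DROP_SHORT;
    memcpy(out, payload, sizeof(*out));       /* every byte read was received */
    return DEMO_ACCEPT;
}

int main(void)
{
    struct demo_ctrl_pkt sample = { DEMO_TYPE_RESUME_TX, 3u, 42u }, out = { 0 };
    uint8_t wire[sizeof(sample)];             /* constructed sample packet */
    memcpy(wire, &sample, sizeof(sample));

    printf("full packet:  verdict=%d\n",
           demo_endpoint_post(DEMO_TYPE_RESUME_TX, wire, sizeof(wire), &out));
    printf("4-byte packet: verdict=%d, unbacked bytes=%zu\n",
           demo_endpoint_post(DEMO_TYPE_RESUME_TX, wire, 4, &out),
           demo_unbacked_bytes(4));
    return 0;
}
```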

Exploit

Weakness Enumeration: Use of Uninitialized Resource

Related Identifiers

ALSA-2025_16880
BDU:2026-04435
CESA-2021_4356
CESA-2023_7077
CVE-2023-53578
RHSA-2021:4356
RHSA-2021_4356
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077
SUSE-SU-2025:4149-1
SUSE-SU-2025:4320-1

Affected Products

CentOS
Linux Kernel
Red Hat
SUSE