PT-2025-43130 · Linux+2 · Linux Kernel+2

Published

2023-08-03

Updated

2025-11-28

CVE-2023-53729

CVSS v2.0

5.7

Medium

Vector

AV:L/AC:L/Au:S/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Linux kernel related to Qualcomm QMI encoding and decoding. The QMI TLV value for strings within various QMI element info structures allocates space for null-terminated strings using MAX LEN + 1. If a string reaches the maximum length of MAX LEN + 1, appending a null character during decoding can lead to an out-of-bounds access. The vulnerable code involves decoding strings within QMI TLV structures.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2026-04015

CVE-2023-53729

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4301-1

Affected Products

Linux Kernel

Qualcomm Qmi

Suse

PT-2025-43130 · Linux+2 · Linux Kernel+2

CVE-2023-53729

Weakness Enumeration

Related Identifiers

Affected Products

References · 1021