| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102216-CVE-2023-53729-ef1a@gregkh> Date: Wed, 22 Oct 2025 15:25:08 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53729: soc: qcom: qmi_encdec: Restrict string length in decode From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this will cause an out of bounds access when the NULL character is appended in decoding. The Linux kernel CVE team has assigned CVE-2023-53729 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 and fixed in 4.19.295 with commit 6b58859e7c4ac357517a59f0801e8ce1b58a8ee2 Issue introduced in 4.16 with commit 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 and fixed in 5.4.257 with commit 64c5e916fabe5ef7bef0210b8a59fa8941ee1b8e Issue introduced in 4.16 with commit 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 and fixed in 5.10.195 with commit 2ccab9f82772ead618689d17dbc6950d6bd1e741 Issue introduced in 4.16 with commit 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 and fixed in 5.15.132 with commit b2f39b813d1eed4a522428d1e6acd7dfe9b81579 Issue introduced in 4.16 with commit 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 and fixed in 6.1.54 with commit f6250ecb7fbb934b89539e7e2ba6c1d8555c0975 Issue introduced in 4.16 with commit 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 and fixed in 6.5.4 with commit 22ee7c9c7f381be178b4457bc54530002e08e938 Issue introduced in 4.16 with commit 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 and fixed in 6.6 with commit 8d207400fd6b79c92aeb2f33bb79f62dff904ea2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53729 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/soc/qcom/qmi_encdec.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6b58859e7c4ac357517a59f0801e8ce1b58a8ee2 https://git.kernel.org/stable/c/64c5e916fabe5ef7bef0210b8a59fa8941ee1b8e https://git.kernel.org/stable/c/2ccab9f82772ead618689d17dbc6950d6bd1e741 https://git.kernel.org/stable/c/b2f39b813d1eed4a522428d1e6acd7dfe9b81579 https://git.kernel.org/stable/c/f6250ecb7fbb934b89539e7e2ba6c1d8555c0975 https://git.kernel.org/stable/c/22ee7c9c7f381be178b4457bc54530002e08e938 https://git.kernel.org/stable/c/8d207400fd6b79c92aeb2f33bb79f62dff904ea2
Powered by blists - more mailing lists