// For flags

CVE-2024-35915

nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet

syzbot reported the following uninit-value access issue [1][2]:

nci_rx_work() parses and processes received packet. When the payload
length is zero, each message type handler reads uninitialized payload
and KMSAN detects this issue. The receipt of a packet with a zero-size
payload is considered unexpected, and therefore, such packets should be
silently discarded.

This patch resolved this issue by checking payload size before calling
each message type handler codes.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfc: nci: corrigió el valor uninit en nci_dev_up y nci_ntf_packet syzbot informó el siguiente problema de acceso al valor uninit [1][2]: nci_rx_work() analiza y procesa el paquete recibido. Cuando la longitud del payload es cero, cada controlador de tipo de mensaje lee el payload no inicializado y KMSAN detecta este problema. La recepción de un paquete con un payload de tamaño cero se considera inesperada y, por lo tanto, dichos paquetes deben descartarse silenciosamente. Este parche resolvió este problema verificando el tamaño del payload antes de llamar a los códigos de controlador de cada tipo de mensaje.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-17 CVE Reserved
  • 2024-05-19 CVE Published
  • 2024-05-20 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.2 < 4.19.312
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 4.19.312"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.2 < 5.4.274
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 5.4.274"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.2 < 5.10.215
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 5.10.215"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.2 < 5.15.154
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 5.15.154"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.2 < 6.1.85
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 6.1.85"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.2 < 6.6.26
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 6.6.26"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.2 < 6.8.5
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 6.8.5"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.2 < 6.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 6.9"
en
Affected