CVE-2023-52507

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: assert requested protocol is valid

The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8 < 2c231a247a1d1628e41fa1eefd1a5307c41c5f53affected
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8 < a686f84101680b8442181a8846fbd3c934653729affected
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8 < 95733ea130e35ef9ec5949a5908dde3feaba92cbaffected
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8 < a424807d860ba816aaafc3064b46b456361c0802affected
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8 < 25dd54b95abfdca423b65a4ee620a774777d8213affected
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8 < 853dda54ba59ea70d5580a298b7ede4707826848affected
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8 < 6584eba7688dcf999542778b07f63828c21521daaffected
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8 < 354a6e707e29cb0c007176ee5b8db8be7bd2dee0affected
LinuxLinux3.2affected
LinuxLinux0 < 3.2unaffected
LinuxLinux4.14.328 <= 4.14.*unaffected
LinuxLinux4.19.297 <= 4.19.*unaffected
LinuxLinux5.4.259 <= 5.4.*unaffected
LinuxLinux5.10.199 <= 5.10.*unaffected
LinuxLinux5.15.136 <= 5.15.*unaffected
LinuxLinux6.1.59 <= 6.1.*unaffected
LinuxLinux6.5.8 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References