CVE-2024-35915
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
syzbot reported the following uninit-value access issue [1][2]:
nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded.
This patch resolved this issue by checking payload size before calling each message type handler codes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 < 11387b2effbb55f58dc2111ef4b4b896f2756240 | affected |
| Linux | Linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 < 03fe259649a551d336a7f20919b641ea100e3fff | affected |
| Linux | Linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 < 755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c | affected |
| Linux | Linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 < ac68d9fa09e410fa3ed20fb721d56aa558695e16 | affected |
| Linux | Linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 < b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7 | affected |
| Linux | Linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 < a946ebee45b09294c8b0b0e77410b763c4d2817a | affected |
| Linux | Linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 < 8948e30de81faee87eeee01ef42a1f6008f5a83a | affected |
| Linux | Linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 < d24b03535e5eb82e025219c2f632b485409c898f | affected |
| Linux | Linux | 3.2 | affected |
| Linux | Linux | 0 < 3.2 | unaffected |
| Linux | Linux | 4.19.312 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.274 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.215 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.154 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.85 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.26 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.5 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/11387b2effbb55f58dc2111ef4b4b896f2756240
- https://git.kernel.org/stable/c/03fe259649a551d336a7f20919b641ea100e3fff
- https://git.kernel.org/stable/c/755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c
- https://git.kernel.org/stable/c/ac68d9fa09e410fa3ed20fb721d56aa558695e16
- https://git.kernel.org/stable/c/b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7
- https://git.kernel.org/stable/c/a946ebee45b09294c8b0b0e77410b763c4d2817a
- https://git.kernel.org/stable/c/8948e30de81faee87eeee01ef42a1f6008f5a83a
- https://git.kernel.org/stable/c/d24b03535e5eb82e025219c2f632b485409c898f
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Additional References
References
- https://git.kernel.org/stable/c/11387b2effbb55f58dc2111ef4b4b896f2756240
- https://git.kernel.org/stable/c/03fe259649a551d336a7f20919b641ea100e3fff
- https://git.kernel.org/stable/c/755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c
- https://git.kernel.org/stable/c/ac68d9fa09e410fa3ed20fb721d56aa558695e16
- https://git.kernel.org/stable/c/b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7
- https://git.kernel.org/stable/c/a946ebee45b09294c8b0b0e77410b763c4d2817a
- https://git.kernel.org/stable/c/8948e30de81faee87eeee01ef42a1f6008f5a83a
- https://git.kernel.org/stable/c/d24b03535e5eb82e025219c2f632b485409c898f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.