CVE-2024-38381

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: Fix uninit-value in nci_rx_work

syzbot reported the following uninit-value access issue [1]

nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux11387b2effbb55f58dc2111ef4b4b896f2756240 < 406cfac9debd4a6d3dc5d9258ee086372a8c08b6affected
LinuxLinux03fe259649a551d336a7f20919b641ea100e3fff < 485ded868ed62ceb2acb3a459d7843fd71472619affected
LinuxLinux755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c < f80b786ab0550d0020191a59077b2c7e069db2d1affected
LinuxLinuxac68d9fa09e410fa3ed20fb721d56aa558695e16 < ad4d196d2008c7f413167f0a693feb4f0439d7feaffected
LinuxLinuxb51ec7fc9f877ef869c01d3ea6f18f6a64e831a7 < e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3affected
LinuxLinuxa946ebee45b09294c8b0b0e77410b763c4d2817a < e53a7f8afcbd2886f2a94c5d56757328109730eaaffected
LinuxLinuxd24b03535e5eb82e025219c2f632b485409c898f < 017ff397624930fd7ac7f1761f3c9d6a7100f68caffected
LinuxLinuxd24b03535e5eb82e025219c2f632b485409c898f < e4a87abf588536d1cdfb128595e6e680af5cf3edaffected
LinuxLinux8948e30de81faee87eeee01ef42a1f6008f5a83aaffected
LinuxLinux4.19.312 < 4.19.316affected
LinuxLinux5.4.274 < 5.4.278affected
LinuxLinux5.10.215 < 5.10.219affected
LinuxLinux5.15.154 < 5.15.161affected
LinuxLinux6.1.85 < 6.1.93affected
LinuxLinux6.6.26 < 6.6.33affected
LinuxLinux6.8.5 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux4.19.316 <= 4.19.*unaffected
LinuxLinux5.4.278 <= 5.4.*unaffected
LinuxLinux5.10.219 <= 5.10.*unaffected
LinuxLinux5.15.161 <= 5.15.*unaffected
LinuxLinux6.1.93 <= 6.1.*unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.9.4 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References