7.1
CVE-2022-48967
- EPSS 0.24%
- Veröffentlicht 21.10.2024 20:15:08
- Zuletzt bearbeitet 25.10.2024 21:27:46
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
NFC: nci: Bounds check struct nfc_target arrays
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.4 < 4.9.336
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.302
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.269
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.227
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.159
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.83
Linux ≫ Linux Kernel Version >= 5.16 < 6.0.13
Linux ≫ Linux Kernel Version6.1 Updaterc1
Linux ≫ Linux Kernel Version6.1 Updaterc2
Linux ≫ Linux Kernel Version6.1 Updaterc3
Linux ≫ Linux Kernel Version6.1 Updaterc4
Linux ≫ Linux Kernel Version6.1 Updaterc5
Linux ≫ Linux Kernel Version6.1 Updaterc6
Linux ≫ Linux Kernel Version6.1 Updaterc7
Linux ≫ Linux Kernel Version6.1 Updaterc8
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.143 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9
https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2
https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714
https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191
https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750
https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c
https://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64
https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae