5.5

CVE-2023-53119

nfc: pn533: initialize struct pn533_out_arg properly

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: initialize struct pn533_out_arg properly

struct pn533_out_arg used as a temporary context for out_urb is not
initialized properly. Its uninitialized 'phy' field can be dereferenced in
error cases inside pn533_out_complete() callback function. It causes the
following failure:

general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441
Call Trace:
 <IRQ>
 __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671
 usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754
 dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700
 expire_timers+0x234/0x330 kernel/time/timer.c:1751
 __run_timers kernel/time/timer.c:2022 [inline]
 __run_timers kernel/time/timer.c:1995 [inline]
 run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035
 __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107

Initialize the field with the pn533_usb_phy currently used.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.14.303 < 4.14.311
LinuxLinux Kernel Version >= 4.19.270 < 4.19.279
LinuxLinux Kernel Version >= 5.4.229 < 5.4.238
LinuxLinux Kernel Version >= 5.10.164 < 5.10.176
LinuxLinux Kernel Version >= 5.15.89 < 5.15.104
LinuxLinux Kernel Version >= 6.1.7 < 6.1.21
LinuxLinux Kernel Version >= 6.2.1 < 6.2.8
LinuxLinux Kernel Version6.2 Update-
LinuxLinux Kernel Version6.2 Updaterc4
LinuxLinux Kernel Version6.2 Updaterc5
LinuxLinux Kernel Version6.2 Updaterc6
LinuxLinux Kernel Version6.2 Updaterc7
LinuxLinux Kernel Version6.2 Updaterc8
LinuxLinux Kernel Version6.3 Updaterc1
LinuxLinux Kernel Version6.3 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.062
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/2bd1ed6d607d7013ed4959e86990a04f028543ef
Patch
https://git.kernel.org/stable/c/4c20a07ed26a71a8ccc9c6d935fc181573f5462e
Patch
https://git.kernel.org/stable/c/0f9c1f26d434c32520dfe33326b28c5954bc4299
Patch
https://git.kernel.org/stable/c/2703da78849c47b6b5b4471edb35fc7b7f91dead
Patch
https://git.kernel.org/stable/c/2bee84369b76f6c9ef71938069c65a6ebd1a12f7
Patch
https://git.kernel.org/stable/c/a97ef110c491b72c138111a595a3a3af56cbc94c
Patch
https://git.kernel.org/stable/c/2cbd4213baf7be5d87d183e2032c54003de0790f
Patch
https://git.kernel.org/stable/c/484b7059796e3bc1cb527caa61dfc60da649b4f6
Patch