5.5

CVE-2023-53139

nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties

In the Linux kernel, the following vulnerability has been resolved:

nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties

devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause
out-of-bounds write in device_property_read_u8_array later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4 < 4.14.310
LinuxLinux Kernel Version >= 4.15 < 4.19.278
LinuxLinux Kernel Version >= 4.20 < 5.4.237
LinuxLinux Kernel Version >= 5.5 < 5.10.175
LinuxLinux Kernel Version >= 5.11 < 5.15.103
LinuxLinux Kernel Version >= 5.16 < 6.1.20
LinuxLinux Kernel Version >= 6.2 < 6.2.7
LinuxLinux Kernel Version6.3 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/ad11b872bc9b5d27e56183c6b01f9218c85395d2
Patch
https://git.kernel.org/stable/c/98f49e693e02c1dafd5786be3468657840dd6f06
Patch
https://git.kernel.org/stable/c/0a3664a1058d4b2b1ea2112cc275ca47fba7fc08
Patch
https://git.kernel.org/stable/c/80be62358fa5507cefbaa067c7e6648401f2c3da
Patch
https://git.kernel.org/stable/c/4357bbb921fe9e81d0fd9f70d669d1f177d8380e
Patch
https://git.kernel.org/stable/c/ce93f1afc05941a572f5a69e2ed4012af905a693
Patch
https://git.kernel.org/stable/c/27824b2f98818215adc9661e563252c48dab1a13
Patch
https://git.kernel.org/stable/c/11f180a5d62a51b484e9648f9b310e1bd50b1a57
Patch