7.1
CVE-2024-38381
- EPSS 0.26%
- Veröffentlicht 21.06.2024 11:15:10
- Zuletzt bearbeitet 12.05.2026 12:16:52
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
nfc: nci: Fix uninit-value in nci_rx_work
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.19.312 < 4.19.316
Linux ≫ Linux Kernel Version >= 5.4.274 < 5.4.278
Linux ≫ Linux Kernel Version >= 5.10.215 < 5.10.219
Linux ≫ Linux Kernel Version >= 5.15.154 < 5.15.161
Linux ≫ Linux Kernel Version >= 6.1.85 < 6.1.93
Linux ≫ Linux Kernel Version >= 6.6.26 < 6.6.33
Linux ≫ Linux Kernel Version >= 6.8.5 < 6.9.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.168 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c
https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6
https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619
https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe
https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed
https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea
https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3
https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html