7.1
CVE-2024-38381
- EPSS 0.01%
- Veröffentlicht 21.06.2024 11:15:10
- Zuletzt bearbeitet 04.11.2025 18:16:25
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
LoginIn the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.19.312 < 4.19.316
Linux ≫ Linux Kernel Version >= 5.4.274 < 5.4.278
Linux ≫ Linux Kernel Version >= 5.10.215 < 5.10.219
Linux ≫ Linux Kernel Version >= 5.15.154 < 5.15.161
Linux ≫ Linux Kernel Version >= 6.1.85 < 6.1.93
Linux ≫ Linux Kernel Version >= 6.6.26 < 6.6.33
Linux ≫ Linux Kernel Version >= 6.8.5 < 6.9.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.009 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.