7.1

CVE-2024-38381

nfc: nci: Fix uninit-value in nci_rx_work

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: Fix uninit-value in nci_rx_work

syzbot reported the following uninit-value access issue [1]

nci_rx_work() parses received packet from ndev->rx_q. It should be
validated header size, payload size and total packet size before
processing the packet. If an invalid packet is detected, it should be
silently discarded.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.312 < 4.19.316
LinuxLinux Kernel Version >= 5.4.274 < 5.4.278
LinuxLinux Kernel Version >= 5.10.215 < 5.10.219
LinuxLinux Kernel Version >= 5.15.154 < 5.15.161
LinuxLinux Kernel Version >= 6.1.85 < 6.1.93
LinuxLinux Kernel Version >= 6.6.26 < 6.6.33
LinuxLinux Kernel Version >= 6.8.5 < 6.9.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.168
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c
Patch
https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6
Patch
https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619
Patch
https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe
Patch
https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed
Patch
https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea
Patch
https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3
Patch
https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html