7.1
CVE-2024-38381
- EPSS 0.01%
- Published 21.06.2024 11:15:10
- Last modified 04.11.2025 18:16:25
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Open
LoginIn the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.19.312 < 4.19.316
Linux ≫ Linux Kernel Version >= 5.4.274 < 5.4.278
Linux ≫ Linux Kernel Version >= 5.10.215 < 5.10.219
Linux ≫ Linux Kernel Version >= 5.15.154 < 5.15.161
Linux ≫ Linux Kernel Version >= 6.1.85 < 6.1.93
Linux ≫ Linux Kernel Version >= 6.6.26 < 6.6.33
Linux ≫ Linux Kernel Version >= 6.8.5 < 6.9.4
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.009 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.