CVE-2024-38381

CVSS v3.1 7.1 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 20

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: Fix uninit-value in nci_rx_work

syzbot reported the following uninit-value access issue [1]

nci_rx_work() parses received packet from ndev->rx_q. It should be
validated header size, payload size and total packet size before
processing the packet. If an invalid packet is detected, it should be
silently discarded.

Weaknesses

CWE-908: Use of Uninitialized Resource

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-06-21 11:15:10
(2 months ago)
Updated Date: 2024-09-09 13:37:39
(7 days ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.19.312 version and prior 6.19.316 version	cpe:2.3:o:linux:linux_kernel	>= 4.19.312	< 6.19.316
Linux Kernel from 5.4.274 version and prior 5.4.278 version	cpe:2.3:o:linux:linux_kernel	>= 5.4.274	< 5.4.278
Linux Kernel from 5.10.215 version and prior 5.10.219 version	cpe:2.3:o:linux:linux_kernel	>= 5.10.215	< 5.10.219
Linux Kernel from 5.15.154 version and prior 5.15.161 version	cpe:2.3:o:linux:linux_kernel	>= 5.15.154	< 5.15.161
Linux Kernel from 6.1.85 version and prior 6.1.93 version	cpe:2.3:o:linux:linux_kernel	>= 6.1.85	< 6.1.93
Linux Kernel from 6.6.26 version and prior 6.6.33 version	cpe:2.3:o:linux:linux_kernel	>= 6.6.26	< 6.6.33
Linux Kernel from 6.8.5 version and prior 6.9.4 version	cpe:2.3:o:linux:linux_kernel	>= 6.8.5	< 6.9.4