CVE-2024-38381

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:25

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c - Patch () https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c - Patch
References () https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6 - Patch () https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6 - Patch
References () https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619 - Patch () https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619 - Patch
References () https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe - Patch () https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe - Patch
References () https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed - Patch () https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed - Patch
References () https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea - Patch () https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea - Patch
References () https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3 - Patch () https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3 - Patch
References () https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1 - Patch () https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1 - Patch

09 Sep 2024, 13:37

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c - () https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c - Patch
References () https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6 - () https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6 - Patch
References () https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619 - () https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619 - Patch
References () https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe - () https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe - Patch
References () https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed - () https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed - Patch
References () https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea - () https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea - Patch
References () https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3 - () https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3 - Patch
References () https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1 - () https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1 - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CWE CWE-908
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1

15 Jul 2024, 07:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

27 Jun 2024, 13:16

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfc: nci: corrigió el valor uninit en nci_rx_work syzbot informó el siguiente problema de acceso al valor uninit [1] nci_rx_work() analiza el paquete recibido de ndev->rx_q. Se debe validar el tamaño del encabezado, el tamaño del payload y el tamaño total del paquete antes de procesar el paquete. Si se detecta un paquete no válido, se debe descartar silenciosamente.
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -

21 Jun 2024, 11:22

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-21 11:15

Updated : 2024-11-21 09:25


NVD link : CVE-2024-38381

Mitre link : CVE-2024-38381

CVE.ORG link : CVE-2024-38381


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-908

Use of Uninitialized Resource