Vulnerability Details CVE-2024-38381
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_rx_work
syzbot reported the following uninit-value access issue [1]
nci_rx_work() parses received packet from ndev->rx_q. It should be
validated header size, payload size and total packet size before
processing the packet. If an invalid packet is detected, it should be
silently discarded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.2%
CVSS Severity
CVSS v3 Score 7.1
References
- https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c
- https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6
- https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619
- https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe
- https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed
- https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea
- https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3
- https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1
- https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c
- https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6
- https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619
- https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe
- https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed
- https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea
- https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3
- https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1
Products affected by CVE-2024-38381
-
cpe:2.3:o:linux:linux_kernel:4.19.312
-
cpe:2.3:o:linux:linux_kernel:4.19.313
-
cpe:2.3:o:linux:linux_kernel:4.19.314
-
cpe:2.3:o:linux:linux_kernel:4.19.315
-
cpe:2.3:o:linux:linux_kernel:5.10.215
-
cpe:2.3:o:linux:linux_kernel:5.10.216
-
cpe:2.3:o:linux:linux_kernel:5.10.217
-
cpe:2.3:o:linux:linux_kernel:5.10.218
-
cpe:2.3:o:linux:linux_kernel:5.15.154
-
cpe:2.3:o:linux:linux_kernel:5.15.155
-
cpe:2.3:o:linux:linux_kernel:5.15.156
-
cpe:2.3:o:linux:linux_kernel:5.15.157
-
cpe:2.3:o:linux:linux_kernel:5.15.158
-
cpe:2.3:o:linux:linux_kernel:5.15.159
-
cpe:2.3:o:linux:linux_kernel:5.15.160
-
cpe:2.3:o:linux:linux_kernel:5.4.274
-
cpe:2.3:o:linux:linux_kernel:5.4.275
-
cpe:2.3:o:linux:linux_kernel:5.4.276
-
cpe:2.3:o:linux:linux_kernel:5.4.277
-
cpe:2.3:o:linux:linux_kernel:6.1.85
-
cpe:2.3:o:linux:linux_kernel:6.1.86
-
cpe:2.3:o:linux:linux_kernel:6.1.87
-
cpe:2.3:o:linux:linux_kernel:6.1.88
-
cpe:2.3:o:linux:linux_kernel:6.1.89
-
cpe:2.3:o:linux:linux_kernel:6.1.90
-
cpe:2.3:o:linux:linux_kernel:6.1.91
-
cpe:2.3:o:linux:linux_kernel:6.1.92
-
cpe:2.3:o:linux:linux_kernel:6.6.26
-
cpe:2.3:o:linux:linux_kernel:6.6.27
-
cpe:2.3:o:linux:linux_kernel:6.6.28
-
cpe:2.3:o:linux:linux_kernel:6.6.29
-
cpe:2.3:o:linux:linux_kernel:6.6.30
-
cpe:2.3:o:linux:linux_kernel:6.6.31
-
cpe:2.3:o:linux:linux_kernel:6.6.32
-
cpe:2.3:o:linux:linux_kernel:6.8.10
-
cpe:2.3:o:linux:linux_kernel:6.8.11
-
cpe:2.3:o:linux:linux_kernel:6.8.12
-
cpe:2.3:o:linux:linux_kernel:6.8.5
-
cpe:2.3:o:linux:linux_kernel:6.8.6
-
cpe:2.3:o:linux:linux_kernel:6.8.7
-
cpe:2.3:o:linux:linux_kernel:6.8.8
-
cpe:2.3:o:linux:linux_kernel:6.8.9
-
cpe:2.3:o:linux:linux_kernel:6.9
-
cpe:2.3:o:linux:linux_kernel:6.9.1
-
cpe:2.3:o:linux:linux_kernel:6.9.2
-
cpe:2.3:o:linux:linux_kernel:6.9.3