In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
syzbot reported the following uninit-value access issue [1][2]:
nci_rx_work() parses and processes a received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded.
This patch resolves this issue by checking the payload size before calling each message type handler.
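
The check described above, modelled in userspace C as an added example; it is not the kernel's code. `rx_dispatch`, `handler`, the `verdict` enum and the sample packets are hypothetical, and the truncation check is an extra assumption of this model beyond what the description states. The header layout assumed is the 3-byte NCI header, with the message type in the top three bits of octet 0 and the payload length in octet 2.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 3 /* NCI header: MT/PBF/GID-or-ConnID, OID, payload length */

/* Hypothetical verdicts for this model; values 0..3 mirror the NCI MT field. */
enum verdict { HANDLED_DATA, UNEXPECTED_CMD, HANDLED_RSP, HANDLED_NTF, DROPPED };

uint8_t last_first_byte; /* what the stand-in handler read from the payload */

/* Stand-in for a message type handler: it reads payload[0] unconditionally,
 * which is the access that is uninitialized when the payload is empty. */
static void handler(const uint8_t *payload) { last_first_byte = payload[0]; }

enum verdict rx_dispatch(const uint8_t *pkt, size_t len)
{
    if (len < HDR_SIZE)
        return DROPPED;                  /* no complete header */
    uint8_t mt = (pkt[0] >> 5) & 0x07;   /* message type, top 3 bits */
    uint8_t plen = pkt[2];               /* declared payload length */

    if (plen == 0)
        return DROPPED;                  /* zero-size payload: discard silently */
    if ((size_t)plen > len - HDR_SIZE)
        return DROPPED;                  /* assumption of this model: truncated */

    switch (mt) {
    case 0: handler(pkt + HDR_SIZE); return HANDLED_DATA;
    case 2: handler(pkt + HDR_SIZE); return HANDLED_RSP;
    case 3: handler(pkt + HDR_SIZE); return HANDLED_NTF;
    case 1: return UNEXPECTED_CMD;       /* commands not expected on receive */
    default: return DROPPED;             /* reserved message types */
    }
}

int main(void)
{
    const uint8_t empty_ntf[] = { 0x60, 0x00, 0x00 };       /* constructed */
    const uint8_t ok_ntf[]    = { 0x60, 0x00, 0x01, 0xAA }; /* constructed */
    printf("%d %d\n", rx_dispatch(empty_ntf, sizeof empty_ntf),
           rx_dispatch(ok_ntf, sizeof ok_ntf));
    return 0;
}
```
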

| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.9-rc1 | 6.9-rc1.x |
| linux / linux_kernel | 5.5 | 5.10.215 |
| linux / linux_kernel | 5.11 | 5.15.154 |
| linux / linux_kernel | 4.20 | 5.4.274 |
| linux / linux_kernel | 6.7 | 6.8.5 |
| linux / linux_kernel | 6.2 | 6.6.26 |
| linux / linux_kernel | 3.2 | 4.19.312 |
| linux / linux_kernel | 5.16 | 6.1.85 |
| debian / debian_linux | 10.0 | 10.0.x |