Lucene search
Redhat.comRH:CVE-2024-35915HistoryMay 20, 2024 - 10:45 a.m.
CVE-2024-35915
2024-05-2010:45:22
redhat.com
access.redhat.com
4
linux kernel
nfc
uninit-value
vulnerability
fixed
syzbot
nci
payload
kmsan
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded. This patch resolved this issue by checking payload size before calling each message type handler codes.
Related
debiancve
debiancve
CVE-2024-35915
2024-05-19 09:15:11
ubuntucve
ubuntucve
CVE-2024-35915
2024-05-19 00:00:00
cvelist
cvelist
CVE-2024-35915 nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
2024-05-19 08:35:08
nvd
nvd
CVE-2024-35915
2024-05-19 09:15:11
cve
cve
CVE-2024-35915
2024-05-19 09:15:11
vulnrichment
vulnrichment
CVE-2024-35915 nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
2024-05-19 08:35:08
nessus
nessus
Debian dla-3840 : hyperv-daemons - security update
2024-06-27 00:00:00
Debian dla-3842 : linux-config-5.10 - security update
2024-06-27 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
2024-06-22 00:00:00
osv
osv
linux - security update
2024-06-25 00:00:00
linux-5.10 - security update
2024-06-25 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3842-1)
2024-06-26 00:00:00