CVE-2024-35915
Published: May 19, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded. This patch resolved this issue by checking payload size before calling each message type handler codes.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < 11387b2effbb55f58dc2111ef4b4b896f2756240affected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < 03fe259649a551d336a7f20919b641ea100e3fffaffected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < 755e53bbc61bc1aff90eafa64c8c2464fd3dfa3caffected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < ac68d9fa09e410fa3ed20fb721d56aa558695e16affected 6a2968aaf50c7a22fced77a5e24aa636281efca8 - < b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7+3 more versions |
Linux | Linux | affected 3.2unaffected 0 - < 3.2unaffected 4.19.312 - <= 4.19.*unaffected 5.4.274 - <= 5.4.*unaffected 5.10.215 - <= 5.10.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now