CVE-2022-48967

Oct. 25, 2024, 9:27 p.m.

7.1
High

Description

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.1 rc1 / / / / / /
o linux linux_kernel 6.1 rc2 / / / / / /
o linux linux_kernel 6.1 rc3 / / / / / /
o linux linux_kernel 6.1 rc4 / / / / / /
o linux linux_kernel 6.1 rc5 / / / / / /
o linux linux_kernel 6.1 rc6 / / / / / /
o linux linux_kernel 6.1 rc7 / / / / / /
o linux linux_kernel 6.1 rc8 / / / / / /

References

https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9
https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2
https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714
https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191
https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750
https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c
https://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64
https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-129
2024-10-21
CVE-2022-48967

CVSS Score

7.1 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

    View Vector String

Timeline

Published: Oct. 21, 2024, 8:15 p.m.
Last Modified: Oct. 25, 2024, 9:27 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.