CVE-2024-46676

Sept. 23, 2024, 2:42 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero. Normally no im protocol has value 1 in the mask, so this combination is not expected by driver. But these protocol values actually come from userspace via Netlink interface (NFC_CMD_START_POLL operation). So a broken or malicious program may pass a message containing a "bad" combination of protocol parameter values so that dev->poll_mod_count is not incremented inside pn533_poll_create_mod_list(), thus leading to division by zero. Call trace looks like: nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll() Add poll mod list filling check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.11

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-369
Divide By Zero
The product divides a value by zero.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.11 rc1 / / / / / /
o linux linux_kernel 6.11 rc2 / / / / / /
o linux linux_kernel 6.11 rc3 / / / / / /
o linux linux_kernel 6.11 rc4 / / / / / /
o linux linux_kernel 6.11 rc5 / / / / / /

References

https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946
https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5
https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723
https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4
https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33
https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31
https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-369
2024-09-13
CVE-2024-46676

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Sept. 13, 2024, 6:15 a.m.
Last Modified: Sept. 23, 2024, 2:42 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.