CVE-2024-38381Use of Uninitialized Resource in Linux

CWE-908Use of Uninitialized ResourceCWE-99Resource Injection42 documents7 sources
Severity
7.1HIGHNVD
OSV7.8OSV5.5
EPSS
0.0%
top 98.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedJun 21
Latest updateSep 25

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages13 packages

NVDlinux/linux_kernel4.19.3124.19.316+6
Debianlinux/linux_kernel< 5.10.221-1+3
Ubuntulinux/linux_kernel< 5.4.0-192.212+2

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

20
OSV
linux-azure-fde-5.15 vulnerabilities2024-09-25
OSV
linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities2024-09-23
OSV
linux-hwe-6.82024-09-23
OSV
linux-raspi vulnerabilities2024-09-23
OSV
linux-ibm-5.15, linux-oracle-5.15 vulnerabilities2024-09-23

📋Vendor Advisories

21
Ubuntu
Linux kernel vulnerabilities2024-09-25
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23