| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120938-CVE-2022-50656-4655@gregkh> Date: Tue, 9 Dec 2025 09:01:57 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50656: nfc: pn533: Clear nfc_target before being used From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call Trace: memcpy nla_put nfc_genl_dump_targets genl_lock_dumpit netlink_dump __netlink_dump_start genl_family_rcv_msg_dumpit genl_rcv_msg netlink_rcv_skb genl_rcv netlink_unicast netlink_sendmsg sock_sendmsg ____sys_sendmsg ___sys_sendmsg __sys_sendmsg do_syscall_64 The Linux kernel CVE team has assigned CVE-2022-50656 to this issue. Affected and fixed versions =========================== Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 4.9.337 with commit 9da4a0411f3455e3885831d0758bee3e3d565bbc Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 4.14.303 with commit 61a7e15d55fae329a245535c3bac494e401005b8 Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 4.19.270 with commit bef2f478513e7367ef3b05441f6afca981de29be Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 5.4.229 with commit 8bddef54cbe9ede5ac7478f1e1e968fcfe7e6f03 Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 5.10.163 with commit aea9e64dec2cc6cd742e07ecd4e6236fc76b389b Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 5.15.86 with commit aae9c24ebd901f482e6c88b6f9e0c80dc5b536d6 Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 6.0.16 with commit 755019e37815a66bb0a23893debbd3dd640ccbd3 Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 6.1.2 with commit e491285b4d08884b622638be8e4961eb43b0af64 Issue introduced in 3.3 with commit 361f3cb7f9cfdb82c80926d0e7843c098c034545 and fixed in 6.2 with commit 9f28157778ede0d4f183f7ab3b46995bb400abbe Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50656 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/nfc/pn533/pn533.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9da4a0411f3455e3885831d0758bee3e3d565bbc https://git.kernel.org/stable/c/61a7e15d55fae329a245535c3bac494e401005b8 https://git.kernel.org/stable/c/bef2f478513e7367ef3b05441f6afca981de29be https://git.kernel.org/stable/c/8bddef54cbe9ede5ac7478f1e1e968fcfe7e6f03 https://git.kernel.org/stable/c/aea9e64dec2cc6cd742e07ecd4e6236fc76b389b https://git.kernel.org/stable/c/aae9c24ebd901f482e6c88b6f9e0c80dc5b536d6 https://git.kernel.org/stable/c/755019e37815a66bb0a23893debbd3dd640ccbd3 https://git.kernel.org/stable/c/e491285b4d08884b622638be8e4961eb43b0af64 https://git.kernel.org/stable/c/9f28157778ede0d4f183f7ab3b46995bb400abbe
Powered by blists - more mailing lists