CVE-2024-42130

nfc/nci: Add the inconsistency check between the input data length and count

Description

In the Linux kernel, the following vulnerability has been resolved: nfc/nci: Add the inconsistency check between the input data length and count write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="610501"], 0xf) Syzbot constructed a write() call with a data length of 3 bytes but a count value of 15, which passed too little data to meet the basic requirements of the function nci_rf_intf_activated_ntf_packet(). Therefore, increasing the comparison between data length and count value to avoid problems caused by inconsistent data length and count.

N/A
CVSS
Severity:
EPSS 0.10%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f
https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42
https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a
https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08
https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979

Frequently Asked Questions

What is the severity of CVE-2024-42130?
CVE-2024-42130 has not yet been assigned a CVSS score.
How to fix CVE-2024-42130?
To fix CVE-2024-42130, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42130 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42130 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42130?
CVE-2024-42130 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.