CVE-2024-46676

MEDIUM EPSS 15.3%
Published Sep 13, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 13, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero. Normally no im protocol has value 1 in the mask, so this combination is not expected by driver. But these protocol values actually come from userspace via Netlink interface (NFC_CMD_START_POLL operation). So a broken or malicious program may pass a message containing a "bad" combination of protocol parameter values so that dev->poll_mod_count is not incremented inside pn533_poll_create_mod_list(), thus leading to division by zero. Call trace looks like: nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll() Add poll mod list filling check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-369

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥3.12  –  <5.4.283
linuxlinux_kernel*≥5.5  –  <5.10.225
linuxlinux_kernel*≥5.11  –  <5.15.166
linuxlinux_kernel*≥5.16  –  <6.1.108
linuxlinux_kernel*≥6.2  –  <6.6.49
linuxlinux_kernel*≥6.7  –  <6.10.8
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53
    Patch