CVE - CVE-2022-48967

CVE-ID
CVE-2022-48967	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9 URL:https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9 MISC:https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2 URL:https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2 MISC:https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714 URL:https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714 MISC:https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191 URL:https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191 MISC:https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750 URL:https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750 MISC:https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c URL:https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c MISC:https://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64 URL:https://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64 MISC:https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae URL:https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae
Assigning CNA
kernel.org
Date Record Created
20240822	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240822)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)