CVE - CVE-2024-46676

CVE-ID
CVE-2024-46676	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero. Normally no im protocol has value 1 in the mask, so this combination is not expected by driver. But these protocol values actually come from userspace via Netlink interface (NFC_CMD_START_POLL operation). So a broken or malicious program may pass a message containing a "bad" combination of protocol parameter values so that dev->poll_mod_count is not incremented inside pn533_poll_create_mod_list(), thus leading to division by zero. Call trace looks like: nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll() Add poll mod list filling check. Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946 URL:https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946 MISC:https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5 URL:https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5 MISC:https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723 URL:https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723 MISC:https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4 URL:https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4 MISC:https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33 URL:https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33 MISC:https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31 URL:https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31 MISC:https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53 URL:https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53
Assigning CNA
kernel.org
Date Record Created
20240911	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240911)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)