Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2024-42130

Published: July 31, 2024Last modified: July 31, 2024

Description

In the Linux kernel, the following vulnerability has been resolved: nfc/nci: Add the inconsistency check between the input data length and count write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="610501"], 0xf) Syzbot constructed a write() call with a data length of 3 bytes but a count value of 15, which passed too little data to meet the basic requirements of the function nci_rf_intf_activated_ntf_packet(). Therefore, increasing the comparison between data length and count value to avoid problems caused by inconsistent data length and count.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlinux-ltsFixed (6.1.99-r0)
Streamlinux-ltsFixed (6.6.58-r0)

References

ON THIS PAGE