VDB

CISA-2024-26825

CISA-2024-26825 PUBLISHED

Reported by Linux · Published April 17, 2024

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. However, the NCI device may be deallocated before that which leads to skb leak. As by design the rx_data_reassembly skb is bound to the NCI device and nothing prevents the device to be freed before the skb is processed in some way and cleaned, free it on the NCI device cleanup. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Affected Products

VendorProductVersions
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8, 6a2968aaf50c7a22fced77a5e24aa636281efca8, 6a2968aaf50c7a22fced77a5e24aa636281efca8
LinuxLinux3.2, 0, 4.19.307
LinuxLinux6a2968aaf50c7a22fced77a5e24aa636281efca8, 6a2968aaf50c7a22fced77a5e24aa636281efca8, 6a2968aaf50c7a22fced77a5e24aa636281efca8

Timeline

  • Apr 17, 2024 CVE Published
  • Dec 19, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›