CVE-2022-48967

Updated: 2024-10-25

CWE: CWE-129

Description:

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks.

CVSS3: 7.1


Vendor State

OS Vendor version Errata
Ubuntu 18.04 4.15.0-206.217 USN-5920-1
Ubuntu 18.04 AWS 4.15.0-1151.164 USN-5920-1
Ubuntu 18.04 HWE Focal 5.4.0-144.161~18.04.1 USN-5917-1
Ubuntu 20.04 5.4.0-144.161 USN-5917-1
Ubuntu 18.04 AWS Focal 5.4.0-1097.105~18.04.1 USN-5917-1
Ubuntu 18.04 Azure Focal 5.4.0-1104.110~18.04.1 USN-5917-1
Ubuntu 20.04 AWS 5.4.0-1097.105 USN-5917-1
Ubuntu 16.04 HWE ESM 4.15.0-206.217~16.04.1 USN-5883-1
Ubuntu 16.04 GCP ESM 4.15.0-1146.162~16.04.1 USN-6007-1
Ubuntu 16.04 AWS HWE ESM 4.15.0-1151.164~16.04.1 USN-5919-1
Ubuntu 16.04 Azure ESM 4.15.0-1162.177~16.04.1 USN-5975-1
Debian 11 5.10.162-1 DSA-5324-1
Ubuntu 22.04 5.15.0-67.74 USN-5912-1
Ubuntu 22.04 AWS 5.15.0-1031.35 USN-5912-1
Ubuntu 22.04 Azure 5.15.0-1034.41 USN-5912-1

KernelCare State

OS Original kernel version State
Ubuntu 18.04
Planned
Ubuntu 18.04 AWS
Planned
Ubuntu 18.04 HWE Focal
Planned
Ubuntu 20.04
Planned
Ubuntu 18.04 AWS Focal
Planned
Ubuntu 18.04 Azure Focal
Planned
Ubuntu 20.04 AWS
Planned
Ubuntu 16.04 HWE ESM
Planned
Ubuntu 16.04 GCP ESM
Planned
Ubuntu 16.04 AWS HWE ESM
Planned
Ubuntu 16.04 Azure ESM
Planned
Debian 11
Planned
Ubuntu 22.04
Planned
Ubuntu 22.04 AWS
Planned
Ubuntu 22.04 Azure
Planned