CVE-2023-52507

HIGH

Linux Kernel < 4.14.328 - Out-of-Bounds Read

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones.

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213

Patch

https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53

Patch

https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0

Patch

https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da

Patch

https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848

Patch

https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb

Patch

https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802

Patch

https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729

Scores

CVSS v3 7.1

EPSS 0.0001

EPSS Percentile 0.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (2)

linux/linux_kernel 6.6 rc1 (5 CPE variants)

linux/linux_kernel 3.2 - 4.14.328

Published Mar 02, 2024

Tracked Since Feb 18, 2026