CVE-2023-52507

HIGH

Linux Kernel 3.2-4.14.327 - Out-of-bounds Read in NFC NCI Protocol Validation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones.

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53

Patch

https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729

Patch

https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb

Patch

https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802

Patch

https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213

Patch

https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848

Patch

https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da

Patch

https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0

Scores

CVSS v3 7.1

EPSS 0.0024

EPSS Percentile 14.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (20)

Linux/Linux < 3.2

Linux/Linux 3.2

Linux/Linux 4.14.328 - 4.14.*

Linux/Linux 4.19.297 - 4.19.*

Linux/Linux 5.10.199 - 5.10.*

Linux/Linux 5.15.136 - 5.15.*

Linux/Linux 5.4.259 - 5.4.*

Linux/Linux 6.1.59 - 6.1.*

Linux/Linux 6.5.8 - 6.5.*

Linux/Linux 6.6

... and 10 more

Published Mar 02, 2024

Tracked Since Feb 18, 2026