CVE-2024-46676

Severity CVSS v4.0:
Pending analysis
Type:
CWE-369 Divide By Zero
Publication date:
13/09/2024
Last modified:
23/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nfc: pn533: Add poll mod list filling check<br /> <br /> In case of im_protocols value is 1 and tm_protocols value is 0 this<br /> combination successfully passes the check<br /> &amp;#39;if (!im_protocols &amp;&amp; !tm_protocols)&amp;#39; in the nfc_start_poll().<br /> But then after pn533_poll_create_mod_list() call in pn533_start_poll()<br /> poll mod list will remain empty and dev-&gt;poll_mod_count will remain 0<br /> which lead to division by zero.<br /> <br /> Normally no im protocol has value 1 in the mask, so this combination is<br /> not expected by driver. But these protocol values actually come from<br /> userspace via Netlink interface (NFC_CMD_START_POLL operation). So a<br /> broken or malicious program may pass a message containing a "bad"<br /> combination of protocol parameter values so that dev-&gt;poll_mod_count<br /> is not incremented inside pn533_poll_create_mod_list(), thus leading<br /> to division by zero.<br /> Call trace looks like:<br /> nfc_genl_start_poll()<br /> nfc_start_poll()<br /> -&gt;start_poll()<br /> pn533_start_poll()<br /> <br /> Add poll mod list filling check.<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with SVACE.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.12 (including) 5.4.283 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.225 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.166 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.108 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.49 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*