CVE-2022-48967
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48967
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48967.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48967
- Downstream
- Related
- Published
- 2024-10-21T20:15:08Z
- Modified
- 2025-08-09T20:01:27Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
NFC: nci: Bounds check struct nfc_target arrays
While running under CONFIGFORTIFYSOURCE=y, syzkaller reported:
memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18)
This appears to be a legitimate lack of bounds checking in nciaddnew_protocol(). Add the missing checks.
- References
-
- https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9
- https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2
- https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714
- https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191
- https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750
- https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c
- https://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64
- https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae