CVE-2022-50656
- Source
- https://cve.org/CVERecord?id=CVE-2022-50656
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50656.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50656
- Downstream
- Related
- Published
- 2025-12-09T00:00:31.691Z
- Modified
- 2026-03-20T11:47:34.244231Z
- Summary
- nfc: pn533: Clear nfc_target before being used
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: Clear nfc_target before being used
Fix a slab-out-of-bounds read that occurs in nlaput() called from nfcgenlsendtarget() when target->sensbreslen, which is duplicated from an nfctarget in pn533, is too large as the nfctarget is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used.
Found by a modified version of syzkaller.
BUG: KASAN: slab-out-of-bounds in nlaput Call Trace: memcpy nlaput nfcgenldumptargets genllockdumpit netlinkdump __netlinkdumpstart genlfamilyrcvmsgdumpit genlrcvmsg netlinkrcvskb genlrcv netlinkunicast netlinksendmsg socksendmsg ____sys_sendmsg ___sys_sendmsg _syssendmsg dosyscall64
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50656.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/61a7e15d55fae329a245535c3bac494e401005b8
- https://git.kernel.org/stable/c/755019e37815a66bb0a23893debbd3dd640ccbd3
- https://git.kernel.org/stable/c/8bddef54cbe9ede5ac7478f1e1e968fcfe7e6f03
- https://git.kernel.org/stable/c/9da4a0411f3455e3885831d0758bee3e3d565bbc
- https://git.kernel.org/stable/c/9f28157778ede0d4f183f7ab3b46995bb400abbe
- https://git.kernel.org/stable/c/aae9c24ebd901f482e6c88b6f9e0c80dc5b536d6
- https://git.kernel.org/stable/c/aea9e64dec2cc6cd742e07ecd4e6236fc76b389b
- https://git.kernel.org/stable/c/bef2f478513e7367ef3b05441f6afca981de29be
- https://git.kernel.org/stable/c/e491285b4d08884b622638be8e4961eb43b0af64
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50656.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50656
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced361f3cb7f9cfdb82c80926d0e7843c098c034545Fixed9da4a0411f3455e3885831d0758bee3e3d565bbcFixed61a7e15d55fae329a245535c3bac494e401005b8Fixedbef2f478513e7367ef3b05441f6afca981de29beFixed8bddef54cbe9ede5ac7478f1e1e968fcfe7e6f03Fixedaea9e64dec2cc6cd742e07ecd4e6236fc76b389bFixedaae9c24ebd901f482e6c88b6f9e0c80dc5b536d6Fixed755019e37815a66bb0a23893debbd3dd640ccbd3Fixede491285b4d08884b622638be8e4961eb43b0af64Fixed9f28157778ede0d4f183f7ab3b46995bb400abbe
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.3.0Fixed4.9.337
- Type
- ECOSYSTEM
- Events
-
Introduced4.10.0Fixed4.14.303
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.270
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.229
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.163
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.86
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.0.16
- Type
- ECOSYSTEM
- Events
-
Introduced6.1.0Fixed6.1.2