CVE-2024-36915
- Source
- https://cve.org/CVERecord?id=CVE-2024-36915
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36915.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36915
- Downstream
- Related
- Published
- 2024-05-30T15:29:12.158Z
- Modified
- 2026-05-28T03:54:13.393829163Z
- Summary
- nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfc: llcp: fix nfcllcpsetsockopt() unsafe copies
syzbot reported unsafe calls to copyfromsockptr() [1]
Use copysafefrom_sockptr() instead.
[1]
BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copyfromsockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in nfcllcpsetsockopt+0x6c2/0x850 net/nfc/llcpsock.c:255 Read of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078
CPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dumpstack lib/dumpstack.c:88 [inline] dump_stacklvl+0x241/0x360 lib/dumpstack.c:114 printaddressdescription mm/kasan/report.c:377 [inline] printreport+0x169/0x550 mm/kasan/report.c:488 kasanreport+0x143/0x180 mm/kasan/report.c:601 copyfromsockptroffset include/linux/sockptr.h:49 [inline] copyfromsockptr include/linux/sockptr.h:55 [inline] nfcllcpsetsockopt+0x6c2/0x850 net/nfc/llcpsock.c:255 dosocksetsockopt+0x3b1/0x720 net/socket.c:2311 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __dosyssetsockopt net/socket.c:2343 [inline] __sesyssetsockopt net/socket.c:2340 [inline] _x64syssetsockopt+0xb5/0xd0 net/socket.c:2340 dosyscall64+0xfd/0x240 entrySYSCALL64afterhwframe+0x6d/0x75 RIP: 0033:0x7f7fac07fd89 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIGRAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89 RDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36915.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/0f106133203021533cb753e80d75896f4ad222f8
- https://git.kernel.org/stable/c/298609e7069ce74542a2253a39ccc9717f1d877a
- https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107
- https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36915.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-36915
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26fd76cab2e61cedc5c25f7151fb31b57ddc53c7Fixed298609e7069ce74542a2253a39ccc9717f1d877aFixed0f106133203021533cb753e80d75896f4ad222f8Fixed29dc0ea979d433dd3c26abc8fa971550bdc05107Fixed7a87441c9651ba37842f4809224aca13a554a26f