CVE-2022-26490 in Linux

Summary

by MITRE • 03/06/2022

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.


Analysis

by VulDB Data Team • 06/25/2025

CVE-2022-26490 is a buffer overflow in the Linux kernel's NFC subsystem, in the st21nfca_connectivity_event_received function in drivers/nfc/st21nfca/se.c. The overflow occurs while NFC connectivity events are processed, so any system running the st21nfca driver with NFC hardware is exposed. Kernel versions through 5.16.12 are affected, which spans many kernel releases. The root cause is that length parameters taken from the untrusted event are used without validation, letting an attacker push writes past the buffer boundary and potentially execute arbitrary code.

Technically, the st21nfca driver does not validate the length fields of an incoming EVT_TRANSACTION event before using them to size and fill buffers. Those length parameters are neither sanitized nor checked against the bounds of the data actually received, so a crafted event can make the kernel write beyond the allocated buffer. This is a classic buffer overflow: attacker-controlled data drives the size calculation, and the resulting memory corruption can be leveraged for privilege escalation or system compromise. The flaw is classified as CWE-121 (stack-based buffer overflow) and is a direct violation of the input validation and bounds checking that secure coding practice requires.

The impact goes beyond memory corruption: the flaw offers a path to privilege escalation and system compromise on NFC-enabled devices. Systems on affected kernel versions are exposed to remote code execution while the NFC hardware is processing connectivity events, particularly in environments where untrusted NFC devices may connect. Embedded systems, mobile devices and IoT platforms that depend on NFC for various functions are of particular concern. An attacker who establishes a malicious NFC connection that reaches the vulnerable code path could execute arbitrary code with kernel privileges, which can amount to complete takeover of the device without requiring physical access.

Mitigation centers on kernel updates and input validation. Organizations should prioritize upgrading to a kernel release that contains the fix, which was addressed in releases beyond 5.16.12. System administrators should also apply network segmentation and access controls to limit NFC connectivity exposure, particularly in high-security environments. At the code level, the fix is to bounds-check every length parameter before it is used for buffer allocation or copying, validating all untrusted input against its expected range. Kernel hardening such as stack canaries, address space layout randomization and kernel address space protection adds defense in depth against exploitation attempts. In ATT&CK terms, the vulnerability relates to T1059.007 (Command and Scripting Interpreter) and T1547.001 (Registry Run Keys / Startup Folder), since exploitation could lead to persistence mechanisms, and maps to T1068 (Exploitation for Privilege Escalation), underlining the need for comprehensive security controls against unauthorized system access through NFC interfaces.
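The bounds-checking fix described in the two paragraphs above, as an added example that is not the st21nfca driver's code: a constructed, simplified model of an EVT_TRANSACTION-style payload (an AID tag and length followed by a parameters tag and length) with a parser that validates every length field against both the bytes actually received and the capacity of the destination before copying. The tag values, the 16- and 64-byte limits, the struct layout and the sample events are assumptions constructed for this example, not the driver's real constants or wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified event layout (assumption, not the real driver format):
 *   [0]           AID tag
 *   [1]           aid_len      (taken from the untrusted event)
 *   [2 ..]        aid bytes    (aid_len of them)
 *   [2+aid_len]   params tag
 *   [3+aid_len]   params_len   (taken from the untrusted event)
 *   [4+aid_len..] params bytes (params_len of them)
 */
#define EX_AID_TAG        0x81   /* assumed tag value */
#define EX_PARAMS_TAG     0x82   /* assumed tag value */
#define EX_MAX_AID_LEN    16     /* assumed destination capacity */
#define EX_MAX_PARAMS_LEN 64     /* assumed destination capacity */

struct ex_transaction {
    uint8_t aid_len;
    uint8_t aid[EX_MAX_AID_LEN];
    uint8_t params_len;
    uint8_t params[EX_MAX_PARAMS_LEN];
};

/* Hardened parser. The unsafe pattern this guards against is reading
 * aid_len / params_len from the event and copying that many bytes
 * without comparing them to `len` (what was received) or to the
 * destination size; either omission lets a crafted event drive
 * memcpy past the buffer. Returns 0 on success, -1 on a malformed event. */
int ex_parse_transaction(const uint8_t *data, size_t len, struct ex_transaction *t)
{
    size_t off;
    memset(t, 0, sizeof(*t));

    /* Need tag + length byte before aid_len can even be read. */
    if (len < 2 || data[0] != EX_AID_TAG)
        return -1;
    t->aid_len = data[1];
    off = 2;
    /* Bound the untrusted length by remaining input AND destination capacity. */
    if (t->aid_len > EX_MAX_AID_LEN || t->aid_len > len - off)
        return -1;
    memcpy(t->aid, data + off, t->aid_len);
    off += t->aid_len;

    /* Same discipline for the parameters block. */
    if (len - off < 2 || data[off] != EX_PARAMS_TAG)
        return -1;
    t->params_len = data[off + 1];
    off += 2;
    if (t->params_len > EX_MAX_PARAMS_LEN || t->params_len > len - off)
        return -1;
    memcpy(t->params, data + off, t->params_len);
    off += t->params_len;

    /* Trailing bytes also mean the event does not match its own lengths. */
    return (off == len) ? 0 : -1;
}

/* Constructed sample events. */
static const uint8_t ex_good_event[] = {
    EX_AID_TAG, 4, 0xA0, 0x00, 0x00, 0x03,
    EX_PARAMS_TAG, 2, 0x01, 0x02
};
/* Claims 9 AID bytes but only 8 bytes follow the length field: must be rejected. */
static const uint8_t ex_short_event[] = {
    EX_AID_TAG, 9, 0xA0, 0x00, 0x00, 0x03,
    EX_PARAMS_TAG, 2, 0x01, 0x02
};

/* Event whose 17 AID bytes are all present but exceed the 16-byte destination:
 * exactly the case an unchecked copy would overflow. Returns the parser result. */
int ex_oversized_aid_rejected(void)
{
    uint8_t buf[2 + 17 + 2];
    struct ex_transaction t;
    buf[0] = EX_AID_TAG;
    buf[1] = 17;
    memset(buf + 2, 0xAA, 17);
    buf[19] = EX_PARAMS_TAG;
    buf[20] = 0;
    return ex_parse_transaction(buf, sizeof buf, &t);
}

int main(void)
{
    struct ex_transaction t;
    printf("well-formed event: %d\n",
           ex_parse_transaction(ex_good_event, sizeof ex_good_event, &t));
    printf("length exceeds received bytes: %d\n",
           ex_parse_transaction(ex_short_event, sizeof ex_short_event, &t));
    printf("length exceeds destination: %d\n", ex_oversized_aid_rejected());
    return 0;
}
```

Both checks are needed: comparing against `len` alone still allows a fully present but over-long field to overrun a fixed-size destination, and comparing against the destination alone still lets a short packet cause an out-of-bounds read of whatever follows it in memory.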
