CVE-2024-36915 in Linuxinformazioni

Riassunto

di VulDB • 17/06/2026

Nel kernel Linux, è stata risolta la seguente vulnerabilità:

nfc: llcp: correggere le copie non sicure in nfc_llcp_setsockopt()

syzbot ha segnalato chiamate non sicure a copy_from_sockptr() [1]

Utilizzare invece copy_safe_from_sockptr().

[1]

BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 Lettura di 4 byte all'indirizzo ffff88801caa1ec3 da parte del task syz-executor459/5078

CPU: 0 PID: 5078 Comm: syz-executor459 Non tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:55 [inline]
nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Fonti

Might our Artificial Intelligence support you?

Check our Alexa App!