{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42130", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.186Z", "datePublished": "2024-07-30T07:46:26.153Z", "dateUpdated": "2024-11-05T09:37:59.134Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:59.134Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nfc/virtual_ncidev.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "f07bcd8bba80", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "41f5e2840cd0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "056478b4321b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "22a72c1c10f4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "068648aab72c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nfc/virtual_ncidev.c"], "versions": [{"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f"}, {"url": "https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42"}, {"url": "https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a"}, {"url": "https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08"}, {"url": "https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979"}], "title": "nfc/nci: Add the inconsistency check between the input data length and count", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.159Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42130", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:16:28.692005Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:36.616Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.159Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42130", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:16:28.692005Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.764Z"}}], "cna": {"title": "nfc/nci: Add the inconsistency check between the input data length and count", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "f07bcd8bba80", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "41f5e2840cd0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "056478b4321b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "22a72c1c10f4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "068648aab72c", "versionType": "git"}], "programFiles": ["drivers/nfc/virtual_ncidev.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.163", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/nfc/virtual_ncidev.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f"}, {"url": "https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42"}, {"url": "https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a"}, {"url": "https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08"}, {"url": "https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:59.134Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42130", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:37:59.134Z", "dateReserved": "2024-07-29T15:50:41.186Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:26.153Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc/nci: agregue la verificaci\u00f3n de inconsistencia entre la longitud de los datos de entrada y el recuento write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf ) Syzbot construy\u00f3 una llamada write() con una longitud de datos de 3 bytes pero un valor de conteo de 15, que pas\u00f3 muy pocos datos para cumplir con los requisitos b\u00e1sicos de la funci\u00f3n nci_rf_intf_activated_ntf_packet(). Por lo tanto, aumentar la comparaci\u00f3n entre la longitud de los datos y el valor del recuento para evitar problemas causados por una longitud y un recuento de datos inconsistentes."}], "id": "CVE-2024-42130", "lastModified": "2024-07-30T13:32:45.943", "metrics": {}, "published": "2024-07-30T08:15:05.053", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: nfc/nci: Add the inconsistency check between the input data length and count", "id": "2301495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301495"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnfc/nci: Add the inconsistency check between the input data length and count\nwrite$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count.", "A flaw was found in the Linux kernel's NFC subsystem, where the write() call allows a mismatch between data length and count values. For example, a call with a data length of 3 bytes but a count of 15 could lead to inconsistencies in processing NFC packets."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42130", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42130\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42130\nhttps://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42130-f6ce@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.163, kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10"}