PT-2022-1943 · Linux+5 · Linux Kernel+5
Published
2022-01-12
·
Updated
2025-06-25
·
CVE-2022-26490
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 5.16.12
Description
The issue is related to the implementation of the
st21nfca connectivity event received() function in the Linux kernel, which is vulnerable to buffer overflows due to untrusted length parameters. This can allow an attacker to impact the confidentiality, integrity, and availability of data. The vulnerability is specifically related to the EVT TRANSACTION buffer overflows in the drivers/nfc/st21nfca/se.c file.Recommendations
For Linux kernel versions through 5.16.12, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the
st21nfca connectivity event received() function in the drivers/nfc/st21nfca/se.c file until a patch is available. Avoid using untrusted length parameters in the EVT TRANSACTION buffer to minimize the risk of exploitation.Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu