CVE-2022-50656

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s NFC subsystem, specifically within the pn533 component. The issue involves a slab-out-of-bounds read occurring in the nla put() function, which is called from nfc genl send target(). This happens when the target->sensb res len value, copied from an NFC target in pn533, is excessively large, and the nfc target is not properly initialized, retaining garbage values. The vulnerability was discovered using a modified version of syzkaller. The root cause is the failure to clear nfc target structures with memset() before their use.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.