CVE-2023-52507

medium

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones.

References

https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729

https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802

https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb

https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848

https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da

https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0

https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53

https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213

Details

Source: Mitre, NVD

Published: 2024-03-02

Updated: 2024-03-04

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: Medium