CVE-2022-26490
Advisory lineage Upstream: 0 Downstream: 47
Analyzed
Published: 06 Mar 2022, 03:58
Last modified:03 Aug 2024, 05:03
Vulnerability Summary
Overall Risk (default)
medium
31/100 CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.12% LOW
0% probability +0.09%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 Mar 2022, 03:58
Published
Vulnerability first disclosed
03 Aug 2024, 05:03
Last Modified
Vulnerability information updated
Description
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVSS Metrics
- v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.12%• Percentile: 30%
Techniques & Countermeasures
- CWE-120•Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Affected Systems
- debian•debian_linux
9.0 | 10.0
- fedoraproject•fedora
34 | 35
- linux•linux_kernel
≥ 4.0, ≤ 5.16.12
- netapp•h300e
na
- netapp•h300s_firmware
na
- netapp•h410c_firmware
na
- netapp•h410s_firmware
na
- netapp•h500e
na
- netapp•h500s_firmware
na
- netapp•h700e
na
- netapp•h700s_firmware
na
References (7)
- https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/
- https://security.netapp.com/advisory/ntap-20220429-0004/
- https://www.debian.org/security/2022/dsa-5127
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://www.debian.org/security/2022/dsa-5173