UBUNTU-CVE-2022-26490

Description

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux

  < 4.4.0-224.257 | < 4.15.0-177.186 | < 5.4.0-110.124 | < 5.15.0-27.28

• ubuntu•linux-aws

  < 4.4.0-1104.109 | < 4.4.0-1140.154 | < 4.15.0-1128.137 | < 5.4.0-1073.78 | < 5.15.0-1005.7

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  < 5.13.0-1023.25~20.04.1

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1075.80~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2067.70 | all | < 5.4.0-1073.78+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1128.137~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1138.151~14.04.1 | < 4.15.0-1138.151~16.04.1 | all | < 5.4.0-1078.81 | < 5.15.0-1005.6

• ubuntu•linux-azure-4.15

  < 4.15.0-1138.151

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  < 5.13.0-1023.27~20.04.1

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1078.81~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2049.53 | all | < 5.4.0-1078.81+fips1

• ubuntu•linux-bluefield

  < 5.4.0-1040.44

• ubuntu•linux-dell300x

  < 4.15.0-1042.47

• ubuntu•linux-fips

  < 4.4.0-1074.80 | all | < 4.15.0-1085.94 | < 5.4.0-1049.55

• ubuntu•linux-gcp

  < 4.15.0-1122.136~16.04.1 | all | < 5.4.0-1073.78 | < 5.15.0-1004.7

• ubuntu•linux-gcp-4.15

  < 4.15.0-1122.136

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  < 5.13.0-1025.30~20.04.1

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1073.78~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2032.35 | all | < 5.4.0-1073.78+fips1

• ubuntu•linux-gke

  < 5.4.0-1071.76 | < 5.15.0-1003.3

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.4

  < 5.4.0-1071.76~18.04.3

• ubuntu•linux-gkeop

  < 5.4.0-1040.41

• ubuntu•linux-gkeop-5.4

  < 5.4.0-1040.41~18.04.1

• ubuntu•linux-hwe

  < 4.15.0-177.186~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  < 5.13.0-41.46~20.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-110.124~18.04.1

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-ibm

  < 5.4.0-1021.23 | < 5.15.0-1003.3

• ubuntu•linux-ibm-5.4

  < 5.4.0-1021.23~18.04.1

• ubuntu•linux-intel-5.13

  all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-intel-iotg

  < 5.15.0-1008.11

• ubuntu•linux-intel-iotg-5.15

  < 5.15.0-1008.11~20.04.1

• ubuntu•linux-iot

  < 5.4.0-1004.6

• ubuntu•linux-kvm

  < 4.4.0-1105.114 | < 4.15.0-1114.117 | < 5.4.0-1063.66 | < 5.15.0-1005.5

• ubuntu•linux-lowlatency

  < 5.15.0-27.28

Showing first 50 affected entries in server-rendered view.

References (11)

• https://ubuntu.com/security/CVE-2022-26490
• https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221
• https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221
• https://ubuntu.com/security/notices/USN-5381-1
• https://ubuntu.com/security/notices/USN-5390-1
• https://ubuntu.com/security/notices/USN-5390-2
• https://ubuntu.com/security/notices/USN-5413-1
• https://ubuntu.com/security/notices/USN-5415-1
• https://ubuntu.com/security/notices/USN-5417-1
• https://ubuntu.com/security/notices/USN-5418-1
• https://www.cve.org/CVERecord?id=CVE-2022-26490