CVE-2022-50656
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call Trace: memcpy nla_put nfc_genl_dump_targets genl_lock_dumpit netlink_dump __netlink_dump_start genl_family_rcv_msg_dumpit genl_rcv_msg netlink_rcv_skb genl_rcv netlink_unicast netlink_sendmsg sock_sendmsg ____sys_sendmsg ___sys_sendmsg __sys_sendmsg do_syscall_64
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-27
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-25
NVD
CVE-2022-50656
EUVD
EUVD-2022-55700
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a slab-out-of-bounds read in the Linux kernel's NFC subsystem, specifically in the pn533 driver. It occurs because the nfc_target structure is not properly cleared before use, causing it to retain garbage values. When nla_put() is called from nfc_genl_send_target(), it can read beyond the allocated memory if the sensb_res_len field is too large. The fix involves clearing the nfc_target structure with memset() before it is used to prevent this out-of-bounds read.


How can this vulnerability impact me? :

This vulnerability can lead to a slab-out-of-bounds read in kernel memory, which may cause system instability, crashes, or potentially expose sensitive kernel memory contents. Such memory corruption issues can be exploited to compromise system security or cause denial of service.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart