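Vulnerability Title
NFC: NCI: free rx_data_reassembly skb on NCI device cleanup
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
During NCI data exchange, the rx_data_reassembly skb is stored for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with the NCI_OP_RF_DEACTIVATE_NTF opcode is received. However, the NCI device may be deallocated before that, which leads to an skb leak.
By design, the rx_data_reassembly skb is bound to the NCI device, and in some cases nothing prevents the device from being freed before the skb has been processed in some way and cleaned up, so free it on NCI device cleanup.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Double Free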
Vulnerability Title
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
rx_data_reassembly skb is stored during NCI data exchange for processing
fragmented packets. It is dropped only when the last fragment is processed
or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.
However, the NCI device may be deallocated before that, which leads to an
skb leak.
As by design the rx_data_reassembly skb is bound to the NCI device and
nothing prevents the device from being freed before the skb is processed in
some way and cleaned, free it on the NCI device cleanup.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
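The lifetime problem described above, as an added user-space model (not the kernel patch and not code from this page): a parked reassembly buffer is leaked if the owning device is torn down mid-reassembly, and freeing it in cleanup closes the leak. The names struct buf, struct model_dev, rx_fragment, dev_cleanup and leaked_after_teardown are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

struct buf { size_t len; };                            /* hypothetical user-space stand-in for an skb */
struct model_dev { struct buf *rx_data_reassembly; };  /* hypothetical stand-in for the NCI device */
static int live_bufs;                                  /* buffers allocated, not yet freed */

static struct buf *buf_alloc(void)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (b) live_bufs++;
    return b;
}
static void buf_free(struct buf *b) { if (b) { live_bufs--; free(b); } }

/* One received fragment of n bytes; more != 0 means further fragments follow. */
static void rx_fragment(struct model_dev *d, size_t n, int more)
{
    struct buf *b = d->rx_data_reassembly ? d->rx_data_reassembly : buf_alloc();
    if (!b) return;
    b->len += n;
    d->rx_data_reassembly = more ? b : NULL;  /* parked until the last fragment */
    if (!more) buf_free(b);                   /* complete packet: consume and drop */
}

/* Device teardown; free_pending == 0 models the behaviour before the fix. */
static void dev_cleanup(struct model_dev *d, int free_pending)
{
    if (free_pending) buf_free(d->rx_data_reassembly);
    free(d);
}

/* Buffers still allocated after the device goes away mid-reassembly. */
static int leaked_after_teardown(int free_pending)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    if (!d) return -1;
    live_bufs = 0;
    rx_fragment(d, 5, 1);                     /* constructed input: first fragment only */
    struct buf *parked = d->rx_data_reassembly;
    dev_cleanup(d, free_pending);
    if (live_bufs) free(parked);              /* release the model's memory after counting */
    return live_bufs;
}

int main(void)
{
    printf("before fix: %d, after fix: %d\n", leaked_after_teardown(0), leaked_after_teardown(1));
    return 0;
}
```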
CVSS Information
N/A
Vulnerability Type
N/A
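Vulnerability Title
Linux kernel security vulnerability
Vulnerability Description
Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). A security vulnerability exists in the Linux kernel. No information about this vulnerability is currently available; please follow CNNVD or vendor announcements.
CVSS Information
N/A
Vulnerability Type
Other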