VYPR
Medium severity5.5NVD Advisory· Published May 19, 2024· Updated Jun 17, 2026

CVE-2024-35915

CVE-2024-35915

Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet

syzbot reported the following uninit-value access issue [1][2]:

nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded.

This patch resolved this issue by checking payload size before calling each message type handler codes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

123

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.