Bug 2420230 (CVE-2022-50656) - CVE-2022-50656 kernel: nfc: pn533: Clear nfc_target before being used
Summary: CVE-2022-50656 kernel: nfc: pn533: Clear nfc_target before being used
Keywords:
Status: NEW
Alias: CVE-2022-50656
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-09 01:01 UTC by OSIDB Bzimport
Modified: 2026-01-06 10:16 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-09 01:01:52 UTC 
In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: Clear nfc_target before being used

Fix a slab-out-of-bounds read that occurs in nla_put() called from
nfc_genl_send_target() when target->sensb_res_len, which is duplicated
from an nfc_target in pn533, is too large as the nfc_target is not
properly initialized and retains garbage values. Clear nfc_targets with
memset() before they are used.

Found by a modified version of syzkaller.

BUG: KASAN: slab-out-of-bounds in nla_put
Call Trace:
 memcpy
 nla_put
 nfc_genl_dump_targets
 genl_lock_dumpit
 netlink_dump
 __netlink_dump_start
 genl_family_rcv_msg_dumpit
 genl_rcv_msg
 netlink_rcv_skb
 genl_rcv
 netlink_unicast
 netlink_sendmsg
 sock_sendmsg
 ____sys_sendmsg
 ___sys_sendmsg
 __sys_sendmsg
 do_syscall_64
Comment 1 Alexander B 2025-12-10 09:04:12 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025120938-CVE-2022-50656-4655@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.