CVE-2023-52507: nfc: nci: assert requested protocol is valid

Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: assert requested protocol is valid

The protocol is used in a bit mask to determine if the protocol is
supported. Assert the provided protocol is less than the maximum
defined so it doesn't potentially perform a shift-out-of-bounds and
provide a clearer error for undefined protocols vs unsupported ones.

Classification

CVE ID: CVE-2023-52507

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53
https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729
https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb
https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802
https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213
https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848
https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da
https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0

Timeline

2024-12-20 00:30:43 UTC
CVE

nfc: nci: assert requested protocol is valid