Linux Kernel NFC NCI Packet Data Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's NFC NCI protocol handling has been addressed. The issue, reported by Syzbot, involves uninitialized data in the 'nci_init_req' function, stemming from inadequate input validation. This flaw allows the processing of memory based on incorrect assumptions about packet structure, potentially leading to the use of uninitialized data. The vulnerability affects several versions of the Linux kernel.
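The kind of check whose absence the paragraph above describes, shown as an added user-space illustration (not the kernel's code or the upstream patch): an NCI packet's 3-octet header and declared payload length are validated against the bytes actually received before any field is read. The names nci_validate, nci_view and min_payload, and the sample packets, are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NCI_HDR_SIZE 3 /* control and data headers are both 3 octets */

enum nci_check { NCI_OK, NCI_ERR_SHORT_HDR, NCI_ERR_TRUNCATED, NCI_ERR_SHORT_BODY };

struct nci_view {            /* hypothetical parsed view, for illustration */
    uint8_t mt, gid, oid, plen;
    const uint8_t *payload;
};

/* Validate before any field is read. min_payload is the number of payload
 * bytes the caller's handler will dereference (an assumption of this sketch). */
enum nci_check nci_validate(const uint8_t *buf, size_t len, size_t min_payload,
                            struct nci_view *out)
{
    if (buf == NULL || out == NULL || len < NCI_HDR_SIZE)
        return NCI_ERR_SHORT_HDR;
    uint8_t plen = buf[2];                 /* octet 2: declared payload length */
    if (len - NCI_HDR_SIZE < plen)         /* header claims more than arrived */
        return NCI_ERR_TRUNCATED;
    if (plen < min_payload)                /* too short for what the handler reads */
        return NCI_ERR_SHORT_BODY;
    out->mt = (buf[0] >> 5) & 0x07;        /* message type */
    out->gid = buf[0] & 0x0f;              /* group id */
    out->oid = buf[1] & 0x3f;              /* opcode id */
    out->plen = plen;
    out->payload = buf + NCI_HDR_SIZE;
    return NCI_OK;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t pkt_ok[]        = { 0x40, 0x00, 0x03, 0x00, 0x10, 0x01 };
static const uint8_t pkt_truncated[] = { 0x40, 0x00, 0x03, 0x00 };
static const uint8_t pkt_short[]     = { 0x40, 0x00, 0x01, 0x00 };

int main(void)
{
    struct nci_view v;
    printf("ok=%d truncated=%d short=%d hdr=%d\n",
           nci_validate(pkt_ok, sizeof pkt_ok, 3, &v),
           nci_validate(pkt_truncated, sizeof pkt_truncated, 3, &v),
           nci_validate(pkt_short, sizeof pkt_short, 3, &v),
           nci_validate(pkt_ok, 2, 3, &v));
    return 0;
}
```

The third case is the one a header-only check misses: the packet is internally consistent, but its payload is shorter than what the handler would go on to read.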

Impact

Exploitation of this vulnerability could lead to the use of uninitialized memory, which may cause unpredictable behavior or crashes.

Reproduction

The vulnerability can be reproduced by sending NFC NCI packets with invalid sizes that bypass the initial validation. This can be done using a tool like Syzkaller, which is designed to fuzz and find vulnerabilities in the Linux kernel by sending crafted packets that exploit the lack of proper validation in the NCI protocol handling.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux kernel documentation.

Added: Oct 28, 2025, 1:10 PM
Updated: Oct 28, 2025, 1:10 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.