Linux Kernel NFC PN533 UART Buffer Overflow Vulnerability

A vulnerability in the Linux kernel's NFC PN533 UART driver can lead to a buffer overflow. The issue arises because the function 'pn532_receive_buf()' continuously appends incoming bytes to the receive buffer without properly validating the data. This allows malformed UART traffic to accumulate and potentially overflow the buffer limit. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can cause a buffer overflow, which may lead to memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a continuous stream of bytes over UART to a device running the affected Linux kernel version. The stream must not include a valid PN532 frame header, allowing the bytes to accumulate in the receive buffer until it overflows.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.