Linux Kernel NFC NCI Parameter Validation Vulnerability

A vulnerability in the Linux kernel's NFC NCI subsystem has been addressed. The issue arose after a previous commit intended to add parameter validation for packet data, which inadvertently disrupted communication with NCI NFC chips. The original fix failed to account for variable-length data packets, leading to improper validation against maximum packet lengths. This vulnerability affects the Linux kernel's stable releases.

Impact

The vulnerability caused communication issues with NCI NFC chips, disrupting normal functionality.

Reproduction

The vulnerability can be reproduced by applying the commit that introduced the parameter validation issue, which is available in the Linux kernel stable tree. After this commit, attempts to communicate with NCI NFC chips will fail, demonstrating the impact of the vulnerability.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.