1. Home
  2. Vulnerabilities
  3. CVE-2022-50656
0.0
NA
CVE-2022-50656
nfc: pn533: Clear nfc_target before being used
Description

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call Trace: memcpy nla_put nfc_genl_dump_targets genl_lock_dumpit netlink_dump __netlink_dump_start genl_family_rcv_msg_dumpit genl_rcv_msg netlink_rcv_skb genl_rcv netlink_unicast netlink_sendmsg sock_sendmsg ____sys_sendmsg ___sys_sendmsg __sys_sendmsg do_syscall_64

INFO

Published Date :

Dec. 9, 2025, 1:16 a.m.

Last Modified :

Dec. 9, 2025, 6:37 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2022-50656 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Clear nfc_targets with memset() before use to fix slab-out-of-bounds read.
  • Apply the kernel patch to clear nfc_targets.
  • Ensure nfc_target is properly initialized.
  • Update the Linux kernel to the latest version.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-50656.

URL Resource
https://git.kernel.org/stable/c/61a7e15d55fae329a245535c3bac494e401005b8
https://git.kernel.org/stable/c/755019e37815a66bb0a23893debbd3dd640ccbd3
https://git.kernel.org/stable/c/8bddef54cbe9ede5ac7478f1e1e968fcfe7e6f03
https://git.kernel.org/stable/c/9da4a0411f3455e3885831d0758bee3e3d565bbc
https://git.kernel.org/stable/c/9f28157778ede0d4f183f7ab3b46995bb400abbe
https://git.kernel.org/stable/c/aae9c24ebd901f482e6c88b6f9e0c80dc5b536d6
https://git.kernel.org/stable/c/aea9e64dec2cc6cd742e07ecd4e6236fc76b389b
https://git.kernel.org/stable/c/bef2f478513e7367ef3b05441f6afca981de29be
https://git.kernel.org/stable/c/e491285b4d08884b622638be8e4961eb43b0af64
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-50656 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-50656 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-50656 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-50656 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 09, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call Trace: memcpy nla_put nfc_genl_dump_targets genl_lock_dumpit netlink_dump __netlink_dump_start genl_family_rcv_msg_dumpit genl_rcv_msg netlink_rcv_skb genl_rcv netlink_unicast netlink_sendmsg sock_sendmsg ____sys_sendmsg ___sys_sendmsg __sys_sendmsg do_syscall_64
    Added Reference https://git.kernel.org/stable/c/61a7e15d55fae329a245535c3bac494e401005b8
    Added Reference https://git.kernel.org/stable/c/755019e37815a66bb0a23893debbd3dd640ccbd3
    Added Reference https://git.kernel.org/stable/c/8bddef54cbe9ede5ac7478f1e1e968fcfe7e6f03
    Added Reference https://git.kernel.org/stable/c/9da4a0411f3455e3885831d0758bee3e3d565bbc
    Added Reference https://git.kernel.org/stable/c/9f28157778ede0d4f183f7ab3b46995bb400abbe
    Added Reference https://git.kernel.org/stable/c/aae9c24ebd901f482e6c88b6f9e0c80dc5b536d6
    Added Reference https://git.kernel.org/stable/c/aea9e64dec2cc6cd742e07ecd4e6236fc76b389b
    Added Reference https://git.kernel.org/stable/c/bef2f478513e7367ef3b05441f6afca981de29be
    Added Reference https://git.kernel.org/stable/c/e491285b4d08884b622638be8e4961eb43b0af64
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.