CVE-2024-36915: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies

syzbot reported unsafe calls to copy_from_sockptr() [1]

Use copy_safe_from_sockptr() instead.

[1]

    BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
    BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
    BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255
    Read of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078

    CPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
    Call Trace:
    <TASK>
    __dump_stack lib/dump_stack.c:88 [inline]
    dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
    print_address_description mm/kasan/report.c:377 [inline]
    print_report+0x169/0x550 mm/kasan/report.c:488
    kasan_report+0x143/0x180 mm/kasan/report.c:601
    copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
    copy_from_sockptr include/linux/sockptr.h:55 [inline]
    nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255
    do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311
    __sys_setsockopt+0x1ae/0x250 net/socket.c:2334
    __do_sys_setsockopt net/socket.c:2343 [inline]
    __se_sys_setsockopt net/socket.c:2340 [inline]
    __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
    do_syscall_64+0xfd/0x240
    entry_SYSCALL_64_after_hwframe+0x6d/0x75
    RIP: 0033:0x7f7fac07fd89
    Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
    RSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
    RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89
    RDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004
    RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000
    R10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000
    R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
AI Analysis
Technical Summary
CVE-2024-36915 is a vulnerability identified in the Linux kernel's Near Field Communication (NFC) subsystem, specifically within the Logical Link Control Protocol (LLCP) socket option handling code. The issue arises from unsafe memory copying operations in the function nfc_llcp_setsockopt(), where the kernel uses copy_from_sockptr() to copy data from user space pointers without adequate bounds checking. This leads to slab-out-of-bounds memory reads, as detected by Kernel Address Sanitizer (KASAN), indicating a potential for memory corruption or information disclosure. The vulnerability was reported by syzbot, an automated kernel fuzzer, which found that copy_from_sockptr() calls could read beyond allocated memory regions. The recommended fix involves replacing unsafe copy_from_sockptr() calls with the safer copy_safe_from_sockptr(), which includes proper boundary checks to prevent out-of-bounds access. The vulnerability affects Linux kernel versions prior to the patch and is related to the NFC LLCP socket option setting mechanism, which is used in NFC communications. The detailed kernel stack trace shows the fault occurring during setsockopt system calls, which are used to configure socket options at runtime. Although no public exploits are known at this time, the vulnerability could be exploited by a local attacker or a process with the ability to invoke setsockopt on NFC LLCP sockets, potentially leading to kernel memory corruption, information leakage, or system instability. The vulnerability does not require user interaction beyond invoking the vulnerable system call, but it does require the ability to interact with the NFC subsystem at the kernel level.
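The difference between the two helpers, as an added user-space model (not the kernel source or the patch): the unsafe handler reads 4 bytes regardless of optlen, matching the report's "Read of size 4" with R08 (the optlen argument register on x86-64) equal to 2, while the safe variant returns -EINVAL before copying anything. The handler names, the `backing` array and its canary bytes are constructed for illustration, and `memcpy` stands in for the user-to-kernel copy.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 2 bytes the caller passed (optlen = 2), then 2 canary
 * bytes standing in for memory adjacent to the option buffer. */
static const uint8_t backing[4] = { 0x01, 0x00, 0xAA, 0xAA };

/* Model of copy_safe_from_sockptr(): refuse a caller buffer shorter than
 * the read; memcpy stands in for the actual user-to-kernel copy. */
static int model_copy_safe(void *dst, size_t ksize, const void *optval,
                           unsigned int optlen)
{
    if (optlen < ksize)
        return -EINVAL;
    memcpy(dst, optval, ksize);
    return 0;
}

/* Pre-fix pattern (hypothetical handler): a fixed 4-byte copy, as
 * copy_from_sockptr() performs it, with optlen never consulted. */
int handler_unsafe(const void *optval, unsigned int optlen, uint32_t *out)
{
    (void)optlen;
    memcpy(out, optval, sizeof(*out));
    return 0;
}

/* Post-fix pattern (hypothetical handler): length checked before the copy. */
int handler_safe(const void *optval, unsigned int optlen, uint32_t *out)
{
    return model_copy_safe(out, sizeof(*out), optval, optlen);
}

/* Bytes read past optlen (canaries in the result), or the handler's -errno. */
int bytes_past_optlen(int (*h)(const void *, unsigned int, uint32_t *),
                      unsigned int optlen)
{
    uint8_t raw[sizeof(uint32_t)];
    uint32_t opt = 0;
    int rc = h(backing, optlen, &opt), n = 0;

    if (rc)
        return rc;
    memcpy(raw, &opt, sizeof(raw));
    for (size_t i = optlen; i < sizeof(raw); i++)
        n += raw[i] == 0xAA;
    return n;
}
```

With optlen = 2 the unsafe handler pulls both canary bytes into the parsed option, and the safe handler rejects the call; with optlen = 4 both behave identically.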
Potential Impact
For European organizations, the impact of CVE-2024-36915 depends largely on the deployment of Linux systems with NFC capabilities. Many enterprises and public sector entities in Europe use Linux-based servers and embedded devices, some of which may include NFC hardware for access control, payment systems, or secure communications. Exploitation of this vulnerability could allow attackers to cause kernel memory corruption, leading to denial of service (system crashes) or potentially privilege escalation if combined with other vulnerabilities. This could disrupt critical services, especially in sectors relying on NFC technology such as transportation, banking, and government facilities. Additionally, the vulnerability could be leveraged to extract sensitive kernel memory contents, risking confidentiality breaches. Given the widespread use of Linux in European infrastructure and the increasing adoption of NFC for secure transactions and identity verification, this vulnerability poses a moderate risk. However, the requirement for local access or the ability to invoke specific socket options limits remote exploitation, reducing the likelihood of widespread attacks but still representing a significant threat in environments where NFC is actively used and accessible.
Mitigation Recommendations
European organizations should prioritize patching Linux kernels to versions that include the fix replacing copy_from_sockptr() with copy_safe_from_sockptr() in the NFC LLCP code. Since no official patch links are provided, organizations should monitor Linux kernel mailing lists and trusted repositories for the updated kernel releases addressing CVE-2024-36915. In the interim, organizations can mitigate risk by disabling NFC functionality on Linux systems where it is not required, thus reducing the attack surface. For systems requiring NFC, restrict access to the NFC subsystem and limit permissions to invoke setsockopt on NFC sockets to trusted users and processes only. Employ kernel hardening techniques such as Kernel Address Sanitizer (KASAN) in testing environments to detect similar issues proactively. Additionally, implement strict monitoring and alerting on kernel logs for unusual setsockopt calls or kernel memory errors. Regularly audit and update Linux systems to ensure all security patches are applied promptly. Finally, consider network segmentation and access controls to isolate NFC-enabled devices from critical infrastructure where possible.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-30T15:25:07.068Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe2673
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 10:10:26 AM
Last updated: 7/30/2025, 5:52:51 PM