CVE-2024-46676: Vulnerability in Linux (kernel, nfc: pn533)
In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: Add poll mod list filling check

In case the im_protocols value is 1 and the tm_protocols value is 0, this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in nfc_start_poll(). But then, after the pn533_poll_create_mod_list() call in pn533_start_poll(), the poll mod list will remain empty and dev->poll_mod_count will remain 0, which leads to division by zero.

Normally no im protocol has value 1 in the mask, so this combination is not expected by the driver. But these protocol values actually come from userspace via the Netlink interface (NFC_CMD_START_POLL operation). So a broken or malicious program may pass a message containing a "bad" combination of protocol parameter values so that dev->poll_mod_count is not incremented inside pn533_poll_create_mod_list(), thus leading to division by zero.

Call trace looks like:

nfc_genl_start_poll()
  nfc_start_poll()
    ->start_poll()
      pn533_start_poll()

Add poll mod list filling check.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
AI Analysis
Technical Summary
CVE-2024-46676 is a flaw in the Linux kernel's NFC (Near Field Communication) subsystem, in the pn533 driver that implements polling for NXP PN532/PN533 NFC controllers. The NFC core validates the protocol masks it receives from userspace over the NFC generic Netlink family (NFC_CMD_START_POLL) only loosely: nfc_start_poll() rejects a request if both im_protocols and tm_protocols are zero and otherwise hands the masks to the driver unchanged. The masks are built from the NFC_PROTO_*_MASK constants, which are defined as 1 << NFC_PROTO_<name> with protocol numbers starting at 1, so bit 0 (the mask value 1) corresponds to no protocol at all. A request with im_protocols = 1 and tm_protocols = 0 therefore passes the core check, but when pn533_start_poll() calls pn533_poll_create_mod_list() no mask bit matches a known protocol, no modulation entry is added, and dev->poll_mod_count stays 0. The driver then advances through the modulation list in pn533_poll_next_mod() with a modulo on dev->poll_mod_count, and that modulo by zero raises a divide error in kernel context: the calling task dies with a kernel oops, and on systems configured with panic_on_oops the machine panics. The outcome is a denial of service; the bug gives no code execution or privilege escalation. The fix adds a check after pn533_poll_create_mod_list() that fails the poll request when the list is empty instead of carrying on. The bug was found by the Linux Verification Center (linuxtesting.org) with the SVACE static analyser. As with other kernel-assigned CVEs, the record identifies affected and fixed kernels by git commit ranges rather than release numbers; consult the CVE record or your distribution's advisory for the exact versions. No in-the-wild exploitation had been reported and no CVSS score had been assigned at the time of publication.
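To make the mask arithmetic concrete, the following C program models the vulnerable and the fixed control flow. It is an added illustration written for this page, not the kernel driver's code: the NFC_PROTO_* numbers mirror include/uapi/linux/nfc.h, while struct pn533, the modulation identifiers, poll_create_mod_list() and the two start_poll functions are simplified stand-ins, and returning -EINVAL from the fixed path is this model's choice of error code. Running it shows that im_protocols = 1 passes the core mask check yet produces an empty list, and that the added check turns the would-be divide error into a rejected request.

```c
/* Added model of CVE-2024-46676, not the kernel driver's code. Protocol
 * numbers mirror include/uapi/linux/nfc.h; the rest is a simplified stand-in. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Protocol numbers start at 1 and each mask is 1 << number, so bit 0
 * (mask value 1) names no protocol at all. */
#define NFC_PROTO_JEWEL    1
#define NFC_PROTO_MIFARE   2
#define NFC_PROTO_FELICA   3
#define NFC_PROTO_ISO14443 4
#define NFC_PROTO_NFC_DEP  5
#define NFC_PROTO_MASK(p)  (1u << (p))

/* Modulation identifiers; the values are arbitrary in this model. */
enum pn533_mod { MOD_106A, MOD_212F, MOD_424F, MOD_106JEWEL, MOD_LISTEN };
#define POLL_MOD_MAX 8

struct pn533 {                        /* stand-in for the driver's struct pn533 */
    enum pn533_mod poll_mod_active[POLL_MOD_MAX];
    unsigned int poll_mod_count;      /* entries in the list */
    unsigned int poll_mod_curr;       /* index of the modulation in use */
};

static void poll_add_mod(struct pn533 *dev, enum pn533_mod m)
{
    if (dev->poll_mod_count < POLL_MOD_MAX)
        dev->poll_mod_active[dev->poll_mod_count++] = m;
}

/* Builds the list from the userspace masks. Only bits that name a known
 * protocol add an entry, so a mask of 0x1 adds nothing. */
static void poll_create_mod_list(struct pn533 *dev, uint32_t im, uint32_t tm)
{
    dev->poll_mod_count = 0;
    dev->poll_mod_curr = 0;
    if (im & (NFC_PROTO_MASK(NFC_PROTO_MIFARE) | NFC_PROTO_MASK(NFC_PROTO_ISO14443) |
              NFC_PROTO_MASK(NFC_PROTO_NFC_DEP)))
        poll_add_mod(dev, MOD_106A);
    if (im & (NFC_PROTO_MASK(NFC_PROTO_FELICA) | NFC_PROTO_MASK(NFC_PROTO_NFC_DEP))) {
        poll_add_mod(dev, MOD_212F);
        poll_add_mod(dev, MOD_424F);
    }
    if (im & NFC_PROTO_MASK(NFC_PROTO_JEWEL))
        poll_add_mod(dev, MOD_106JEWEL);
    if (tm)
        poll_add_mod(dev, MOD_LISTEN);
}

/* Advances to the next modulation. With poll_mod_count == 0 the modulo is a
 * division by zero: undefined in C, a #DE trap and kernel oops on x86. */
static unsigned int poll_next_mod(struct pn533 *dev)
{
    dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
    return dev->poll_mod_curr;
}

/* The only gate the NFC core applies in nfc_start_poll(): it rejects the
 * all-zero case, so im = 1, tm = 0 reaches the driver. */
static int core_mask_check(uint32_t im, uint32_t tm)
{
    return (!im && !tm) ? -EINVAL : 0;
}

/* Vulnerable shape: assumes a non-zero mask produced a non-empty list. */
static int start_poll_vulnerable(struct pn533 *dev, uint32_t im, uint32_t tm)
{
    int rc = core_mask_check(im, tm);
    if (rc)
        return rc;
    poll_create_mod_list(dev, im, tm);
    poll_next_mod(dev);               /* traps when the list is empty */
    return 0;
}

/* Fixed shape: the list-filling check the patch adds. Returning -EINVAL
 * is this model's choice of error code. */
static int start_poll_fixed(struct pn533 *dev, uint32_t im, uint32_t tm)
{
    int rc = core_mask_check(im, tm);
    if (rc)
        return rc;
    poll_create_mod_list(dev, im, tm);
    if (!dev->poll_mod_count) {
        fprintf(stderr, "pn533: poll mod list is empty (im=%#x tm=%#x)\n", im, tm);
        return -EINVAL;
    }
    poll_next_mod(dev);
    return 0;
}

int main(void)
{
    struct pn533 dev;
    memset(&dev, 0, sizeof dev);
    int rc = start_poll_fixed(&dev, NFC_PROTO_MASK(NFC_PROTO_JEWEL), 0);
    printf("jewel : core=%d rc=%d entries=%u\n", core_mask_check(NFC_PROTO_MASK(NFC_PROTO_JEWEL), 0), rc, dev.poll_mod_count);
    rc = start_poll_vulnerable(&dev, NFC_PROTO_MASK(NFC_PROTO_FELICA), 0);
    printf("felica: vulnerable rc=%d entries=%u\n", rc, dev.poll_mod_count);
    rc = start_poll_fixed(&dev, 1, 0);   /* the CVE trigger: passes the core check */
    printf("0x1   : core=%d rc=%d entries=%u\n", core_mask_check(1, 0), rc, dev.poll_mod_count);
    /* start_poll_vulnerable(&dev, 1, 0) would execute (0 + 1) % 0 here. */
    return 0;
}
```

The program deliberately never calls start_poll_vulnerable() with the triggering masks, because in userspace that modulo raises SIGFPE just as it raises a divide-error oops in the kernel; the point is that the core check and the driver's list construction disagree about what a valid mask is, and the fix closes the gap on the driver side.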
Potential Impact
For European organisations the impact of CVE-2024-46676 is a local denial of service on Linux systems that have a PN532/PN533 NFC controller bound to the pn533 driver: one crafted NFC_CMD_START_POLL message makes the kernel divide by zero, which kills the issuing task with an oops and, where panic_on_oops is set, halts or reboots the machine. Devices that use such hardware for authentication, access control, payment or data exchange lose that function and possibly the whole host. Two conditions limit the reach. First, the flaw is only reachable when the pn533 driver is loaded and an NFC device is up, so servers and most workstations without NFC hardware are not affected. Second, the NFC generic Netlink handler for NFC_CMD_START_POLL is registered with GENL_ADMIN_PERM, so the sender needs CAP_NET_ADMIN; an unprivileged local user cannot trigger it directly, but any process that holds that capability (an NFC daemon, a container started with host networking privileges, or malware that has already obtained it) can. The vulnerability does not provide privilege escalation or code execution; its value to an attacker is disruption, for instance crashing a kiosk, embedded terminal or shared device at a chosen moment or as one step of a larger attack. Given the use of Linux in embedded and IoT devices across sectors such as finance, transport, healthcare and public administration, organisations running NFC-enabled Linux devices in exposed settings (public kiosks, contactless terminals, shared workstations) are the ones at risk. The absence of known exploits reduces immediate risk, but the trigger is a single well-formed Netlink message, so it is cheap to weaponise once the capability requirement is met.
Mitigation Recommendations
1. Update the kernel. The fix is merged upstream and backported to the stable series; install the kernel package from your distribution that references CVE-2024-46676 and reboot. For self-built kernels, confirm that pn533_start_poll() in drivers/nfc/pn533/pn533.c rejects an empty poll mod list before re-enabling the driver.
2. Check exposure before and after patching. lsmod | grep pn533 shows whether the driver modules (pn533, pn533_usb, pn533_i2c, pn533_uart) are loaded, and ls /sys/class/nfc lists bound NFC devices; a host with neither is not affected by this CVE.
3. Disable the driver where NFC is not needed. An "install pn533 /bin/false" line in /etc/modprobe.d/ (a plain blacklist entry does not stop loading by dependency), or a kernel built without the pn533 driver options, removes the attack surface regardless of patch status.
4. Limit who can send NFC Netlink commands. NFC_CMD_START_POLL requires CAP_NET_ADMIN, so keep that capability away from untrusted services and containers, and confine the NFC daemon (for example neard) with a seccomp or LSM policy instead of granting the capability to general-purpose user software.
5. Monitor for attempts. A triggered instance appears in the kernel log as a divide-error oops with pn533_start_poll() and nfc_genl_start_poll() in the call trace; the patched driver instead logs an error when it rejects the request. Alert on either.
6. Keep tracking kernel advisories for the NFC subsystem and include the NFC Netlink interface in security audits and penetration tests of NFC-enabled devices.
These steps go beyond generic advice by confirming whether the vulnerable driver is actually present, controlling who can reach the Netlink interface, monitoring for exploitation attempts, and applying the targeted patch promptly.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-11T15:12:18.247Z
- CISA Enriched: true
- CVSS Version: null (no CVSS score assigned)
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe0f7c
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/29/2025, 12:10:47 AM
Last updated: 7/26/2025, 10:26:35 AM
Related Threats
- CVE-2025-8854: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in bulletphysics bullet3 (High)
- CVE-2025-8830: OS Command Injection in Linksys RE6250 (Medium)
- CVE-2025-54878: CWE-122 Heap-based Buffer Overflow in nasa CryptoLib (High)
- CVE-2025-40920: CWE-340 Generation of Predictable Numbers or Identifiers in ETHER Catalyst::Authentication::Credential::HTTP (High)
- Carmaker's Portal Vulnerability Could Have Allowed Hackers to Unlock Vehicles and Access Data (Medium)