In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in ncidevup and ncintfpacket
syzbot reported the following uninit-value access issue [1][2]:
ncirxwork() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded.
This patch resolved this issue by checking payload size before calling each message type handler codes.