CVE-2024-46676: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46676 is a vulnerability in the Linux kernel's NFC PN533 driver discovered in 2024. The issue occurs when specific protocol parameter values are passed through the Netlink interface during NFC polling operations. The vulnerability was found by the Linux Verification Center using the SVACE tool and affects Linux kernel versions from 3.12 up to versions before 6.10.8 (NVD).

The vulnerability is a division by zero issue in the pn533startpoll() function. It occurs when improtocols value is 1 and tmprotocols value is 0, which passes the check 'if (!improtocols && !tmprotocols)' but leaves dev->pollmodcount at 0 after pn533pollcreatemodlist() call. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

When exploited, this vulnerability can lead to a division by zero error, resulting in a denial of service condition through a system crash. The impact is limited to availability, with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability has been patched in the Linux kernel by adding a poll mod list filling check. The fix validates dev->pollmodcount after pn533pollcreatemodlist() call and returns -EINVAL if the count is zero (Kernel Patch).