CVE-2026-23291
Analyzed
Analyzed - Analysis Complete
Use-After-Free in Linux Kernel NFC pn533 USB Interface on Disconnect
Publication date: 2026-03-25
Last updated on: 2026-05-29
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: properly drop the usb interface reference on disconnect
When the device is disconnected from the driver, there is a "dangling"
reference count on the usb interface that was grabbed in the probe
callback. Fix this up by properly dropping the reference after we are
done with it.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.130 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.77 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.203 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.167 (exc) |
| linux | linux_kernel | From 3.1 (inc) to 5.10.253 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
