CVE-2026-23330
Use-After-Free in Linux NFC nci_close_device Causes Resource Leak
Publication date: 2026-03-25
Last updated on: 2026-04-27
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 3.2 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 3.2.1 (inc) to 6.12.82 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to a memory leak occurring in the NFC subsystem of the Linux kernel, specifically involving the nci_close_device() function and pending data exchanges on device close.
Detection would involve monitoring for unreferenced objects or memory leaks related to the NFC device, such as messages indicating leaked objects with the process name "nci_dev" and associated backtraces.
Since no specific detection commands or tools are provided, general Linux kernel debugging and memory leak detection techniques can be used, such as checking kernel logs (dmesg) for related leak messages or using tools like kmemleak to identify unreferenced kernel memory.
- Check kernel logs for messages about unreferenced objects related to "nci_dev": `dmesg | grep nci_dev`
- Use kmemleak to detect kernel memory leaks: on a kernel built with `CONFIG_DEBUG_KMEMLEAK`, trigger a scan with `echo scan > /sys/kernel/debug/kmemleak` and read the report with `cat /sys/kernel/debug/kmemleak`
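The kmemleak check above can be automated by parsing the report and grouping the entries attributed to "nci_dev" by backtrace, so that a repeating leak stands out. This is an added example, not code from the CVE record or the kernel project; the function names are hypothetical and the sample report is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in kmemleak's report layout; every value in it is made up.
SAMPLE_REPORT = '''\
unreferenced object 0xffff888100000000 (size 2048):
  comm "nci_dev", pid 4101, jiffies 4294900000
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 1a2b3c4d):
    __kmalloc+0x1b0/0x3c0
    sk_prot_alloc+0x6a/0x1a0
unreferenced object 0xffff888100001000 (size 64):
  comm "systemd-udevd", pid 310, jiffies 4294700000
  backtrace:
    [<00000000deadbeef>] kmalloc_trace+0x26/0x90
unreferenced object 0xffff888100002000 (size 2048):
  comm "nci_dev", pid 4177, jiffies 4294950000
  backtrace (crc 1a2b3c4d):
    __kmalloc+0x1b0/0x3c0
    sk_prot_alloc+0x6a/0x1a0
'''

HEADER = re.compile(r'unreferenced object (0x[0-9a-f]+) \(size (\d+)\):\n\s+comm "([^"]*)", pid (\d+)')
FRAME_ADDR = re.compile(r'^\[<[0-9a-f]+>\]\s*')  # "[<addr>] " prefix printed by older kernels

def parse_kmemleak(text):
    """Return one dict per 'unreferenced object' record in a kmemleak report."""
    records = []
    for chunk in re.split(r'(?m)^(?=unreferenced object )', text):
        if not (m := HEADER.match(chunk)):
            continue  # preamble or truncated record
        bt = re.search(r'^\s+backtrace[^\n]*\n(.*)', chunk, re.S | re.M)
        frames = tuple(FRAME_ADDR.sub("", l.strip()) for l in (bt[1] if bt else "").splitlines() if l.strip())
        records.append({"addr": m[1], "size": int(m[2]), "comm": m[3], "pid": int(m[4]), "frames": frames})
    return records

def leaks_by_backtrace(records, comm="nci_dev"):
    """Map each distinct backtrace of the given task name to (object count, total bytes)."""
    groups = defaultdict(lambda: [0, 0])
    for r in records:
        if r["comm"] == comm:
            groups[r["frames"]][0] += 1
            groups[r["frames"]][1] += r["size"]
    return {frames: tuple(totals) for frames, totals in groups.items()}

if __name__ == "__main__":
    for frames, (n, size) in leaks_by_backtrace(parse_kmemleak(SAMPLE_REPORT)).items():
        print(f"{n} objects / {size} bytes from comm nci_dev via {' <- '.join(frames)}")
```

On a live system, pass the text read from `/sys/kernel/debug/kmemleak` to `parse_kmemleak()` in place of the sample; a count that keeps growing for one backtrace across scans indicates an ongoing leak rather than a one-off report.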
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's NFC (Near Field Communication) subsystem, specifically in the nci_close_device() function. The issue is that when closing an NFC device, any pending data exchange is not properly completed before the device is closed. The data exchange callback holds a socket reference, and failing to complete this exchange can lead to a resource leak.
The problem manifests as an unreferenced object leak, where memory allocated for socket operations is not freed properly, potentially causing resource exhaustion over time.
How can this vulnerability impact me?
The vulnerability can lead to memory leaks in the Linux kernel's NFC subsystem. Over time, this can cause resource exhaustion, potentially degrading system performance or causing instability.
If an attacker or a process repeatedly opens and closes NFC devices without completing data exchanges, it could increase the risk of denial of service due to kernel memory being consumed by unreleased socket references.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by ensuring that any pending data exchange is completed before closing the NFC device in the nci_close_device() function.
Immediate mitigation steps include updating the Linux kernel to a version that contains this fix.
If updating is not immediately possible, consider disabling NFC functionality or the affected NFC subsystem to prevent triggering the vulnerable code path.