CVE-2026-23330
Received Received - Intake
Use-After-Free in Linux NFC nci_close_device Causes Resource Leak

Publication date: 2026-03-25

Last updated on: 2026-04-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(), complete any pending data exchange before closing. The data exchange callback (e.g. rawsock_data_exchange_complete) holds a socket reference. NIPA occasionally hits this leak: unreferenced object 0xff1100000f435000 (size 2048): comm "nci_dev", pid 3954, jiffies 4295441245 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 '..@............ backtrace (crc ec2b3c5): __kmalloc_noprof+0x4db/0x730 sk_prot_alloc.isra.0+0xe4/0x1d0 sk_alloc+0x36/0x760 rawsock_create+0xd1/0x540 nfc_sock_create+0x11f/0x280 __sock_create+0x22d/0x630 __sys_socket+0x115/0x1d0 __x64_sys_socket+0x72/0xd0 do_syscall_64+0x117/0xfc0 entry_SYSCALL_64_after_hwframe+0x4b/0x53
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23330
EUVD
EUVD-2026-15287
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 3.2
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 3.2.1 (inc) to 6.12.82 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's NFC (Near Field Communication) subsystem, specifically in the nci_close_device() function. The issue is that when closing an NFC device, any pending data exchange is not properly completed before the device is closed. The data exchange callback holds a socket reference, and failing to complete this exchange can lead to a resource leak.

The problem manifests as an unreferenced object leak, where memory allocated for socket operations is not freed properly, potentially causing resource exhaustion over time.

Impact Analysis

The vulnerability can lead to memory leaks in the Linux kernel's NFC subsystem. Over time, this can cause resource exhaustion, potentially degrading system performance or causing instability.

If an attacker or a process repeatedly opens and closes NFC devices without completing data exchanges, it could increase the risk of denial of service due to kernel memory being consumed by unreleased socket references.

Detection Guidance

This vulnerability relates to a memory leak occurring in the NFC subsystem of the Linux kernel, specifically involving the nci_close_device() function and pending data exchanges on device close.

Detection would involve monitoring for unreferenced objects or memory leaks related to the NFC device, such as messages indicating leaked objects with the process name "nci_dev" and associated backtraces.

Since no specific detection commands or tools are provided, general Linux kernel debugging and memory leak detection techniques can be used, such as checking kernel logs (dmesg) for related leak messages or using tools like kmemleak to identify unreferenced kernel memory.

  • Check kernel logs for messages about unreferenced objects related to "nci_dev": `dmesg | grep nci_dev`
  • Use kmemleak to detect kernel memory leaks: enable kmemleak and check its output via `/sys/kernel/debug/kmemleak`
Mitigation Strategies

The vulnerability has been resolved by ensuring that any pending data exchange is completed before closing the NFC device in the nci_close_device() function.

Immediate mitigation steps include updating the Linux kernel to a version that contains this fix.

If updating is not immediately possible, consider disabling NFC functionality or the affected NFC subsystem to prevent triggering the vulnerable code path.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart