Skip to main content

Linux EUVDEUVD-2026-15220

| CVE-2026-23291 MEDIUM
2026-03-25 Linux GHSA-3m5v-fjjv-99m5
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.2 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 29, 2026 - 15:22 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15220
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: properly drop the usb interface reference on disconnect

When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up by properly dropping the reference after we are done with it.

AnalysisAI

This vulnerability involves improper resource cleanup in the Linux kernel's NFC PN533 USB driver, where a reference count on the USB interface is not properly released when a device is disconnected. Affected systems include all Linux kernel versions with the vulnerable PN533 driver code, impacting any system using NFC devices based on the PN533 chipset. While this is a resource management issue rather than a direct memory corruption vulnerability, it can lead to information disclosure or denial of service through USB interface resource exhaustion over repeated device attach/detach cycles. The vulnerability has been resolved in the Linux kernel with multiple backported patches available across stable branches.

Technical ContextAI

The PN533 is a Near Field Communication (NFC) chipset commonly used in USB-based NFC readers and contactless payment terminals. The Linux kernel's nfc/pn533 driver (cpe:2.3:a:linux:linux) manages the lifecycle of USB interface references during device probe and disconnect operations. The root cause is classified under resource management errors where the usb_get_intf() reference acquired during the probe callback is not properly balanced with a corresponding usb_put_intf() call during device disconnection. This type of reference counting bug falls under CWE-404 (Improper Resource Shutdown or Release), allowing a dangling reference to persist on the USB interface structure, preventing proper device cleanup and potentially exhausting kernel resources when devices are repeatedly connected and disconnected.

RemediationAI

Upgrade the Linux kernel to a patched version that includes the fix for proper USB interface reference cleanup in the PN533 driver. Users should check their distribution's kernel update advisories and apply the latest stable kernel patches—the commits are available across multiple kernel versions via https://git.kernel.org/stable/ and should be included in standard kernel updates. If immediate kernel upgrade is not possible, disable NFC device support in the kernel configuration or use udev rules to prevent automatic loading of the PN533 driver on systems that do not require NFC functionality. For systems requiring NFC, monitor for resource exhaustion using cat /proc/sys/fs/file-max and kernel memory metrics, and implement strict physical access controls to USB ports to prevent repeated device attachment attacks.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15220 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy