Skip to main content

Linux EUVDEUVD-2026-15287

| CVE-2026-23330 MEDIUM
Memory Leak (CWE-401)
2026-03-25 Linux GHSA-vjm5-v2mx-wqmv
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.2 MEDIUM
qualitative
Red Hat
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:27 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15287
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: complete pending data exchange on device close

In nci_close_device(), complete any pending data exchange before closing. The data exchange callback (e.g. rawsock_data_exchange_complete) holds a socket reference.

NIPA occasionally hits this leak:

unreferenced object 0xff1100000f435000 (size 2048): comm "nci_dev", pid 3954, jiffies 4295441245 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 '..@............ backtrace (crc ec2b3c5): __kmalloc_noprof+0x4db/0x730 sk_prot_alloc.isra.0+0xe4/0x1d0 sk_alloc+0x36/0x760 rawsock_create+0xd1/0x540 nfc_sock_create+0x11f/0x280 __sock_create+0x22d/0x630 __sys_socket+0x115/0x1d0 __x64_sys_socket+0x72/0xd0 do_syscall_64+0x117/0xfc0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

AnalysisAI

A memory leak vulnerability exists in the Linux kernel's NFC (Near Field Communication) NCI subsystem where pending data exchange operations are not properly completed when a device is closed, causing socket references to be held indefinitely. This affects all Linux kernel versions with the vulnerable NFC NCI code path. An attacker with local access to NFC functionality could trigger repeated device close operations to exhaust memory resources, leading to denial of service. While no CVSS score or EPSS data is currently available, the issue is being actively addressed through kernel patches as evidenced by multiple commit references.

Technical ContextAI

The vulnerability resides in the NFC (Near Field Communication) NCI (NCI protocol) subsystem of the Linux kernel, specifically in the nci_close_device() function. The NFC subsystem provides kernel-level support for NFC operations, and the NCI layer implements the standardized NCI protocol. The root cause is a resource management failure (related to CWE-401: Missing Release of Memory after Effective Lifetime) where data exchange callbacks such as rawsock_data_exchange_complete() maintain socket references that are never released when the device closes without explicit completion of pending operations. The backtrace shows socket allocation through the rawsock_create() path in the NFC raw socket implementation, indicating that improperly released socket objects accumulate in kernel memory. The affected CPE is cpe:2.3:a:linux:linux, indicating the vulnerability affects the Linux kernel itself across all architectures and configurations that include NFC functionality.

RemediationAI

Linux users should upgrade their kernel to a version that includes one of the three referenced commits: 91ff0d8c3464da7f0c43da38c195e60b660128bf, d05f55d68ebdebb2b0a8480d766eaae88c8c92de, or 66083581945bd5b8e99fe49b5aeb83d03f62d053. For most users, this means upgrading to the latest stable kernel release for your supported series (kernel.org provides stable kernel releases). Distributions typically backport these patches automatically; users should apply their distribution's latest kernel updates through standard package management. For systems where kernel upgrades cannot be immediately applied, disable NFC functionality if not required via kernel module blacklisting (adding nfc and nci entries to /etc/modprobe.d/blacklist.conf) or BIOS/firmware settings. Monitor system memory usage on NFC-enabled systems to detect potential memory exhaustion attacks. The fixes are available at git.kernel.org as referenced in the advisory commits.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15287 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy