Description
In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: properly drop the usb interface reference on disconnect

When the device is disconnected from the driver, there is a "dangling"
reference count on the usb interface that was grabbed in the probe
callback. Fix this up by properly dropping the reference after we are
done with it.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The NFC PN533 driver in the Linux kernel does not release the USB interface reference when the device is disconnected, leaving a dangling reference count. This improper reference counting, identified as CWE‑911, can corrupt kernel memory and cause system instability, potentially resulting in a kernel crash.

Affected Systems

All Linux kernels that include the unpatched PN533 driver are affected, including the mainline kernel and the 7.0‑rc1 release, as indicated by the CPE entries for Linux:Linux.

Risk and Exploitability

The CVSS score of 5.5 categorizes this flaw as moderate in severity. The EPSS score of less than 1% and its absence from the CISA KEV catalog suggest a low probability of active exploitation. Based on the description, it is inferred that an attacker would need local or physical access to trigger a disconnect and exploit the dangling reference; no public exploit has been reported.

Generated by OpenCVE AI on May 29, 2026 at 20:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the patched PN533 driver
  • If an upgrade is not feasible, unload or blacklist the pn533 NFC module to avoid the dangling reference scenario
  • Monitor kernel logs for USB disconnect events or kernel oops messages and configure alerts to detect potential instability early



Advisories
| Source | ID | Title |
|---|---|---|
| Debian DLA | DLA-4561-1 | linux-6.1 security update |
| Debian DLA | DLA-4606-1 | linux security update |
| Debian DSA | DSA-6238-1 | linux security update |
| Debian DSA | DSA-6243-1 | linux security update |
History

Fri, 29 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Sat, 18 Apr 2026 09:15:00 +0000


Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-754
CWE-772

Thu, 26 Mar 2026 00:15:00 +0000


Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-754
CWE-772

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up by properly dropping the reference after we are done with it.
Title nfc: pn533: properly drop the usb interface reference on disconnect
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:04:02.263Z

Reserved: 2026-01-13T15:37:45.992Z

Link: CVE-2026-23291

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-03-25T11:16:24.197

Modified: 2026-05-29T15:07:47.390

Link: CVE-2026-23291

Redhat

Severity:

Public Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23291 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T20:30:07Z

Weaknesses