{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23291", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:49.634Z", "dateUpdated": "2026-03-25T10:26:49.634Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:26:49.634Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: properly drop the usb interface reference on disconnect\n\nWhen the device is disconnected from the driver, there is a \"dangling\"\nreference count on the usb interface that was grabbed in the probe\ncallback. Fix this up by properly dropping the reference after we are\ndone with it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nfc/pn533/usb.c"], "versions": [{"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "7398d6570501edc55a50ece820f369ab3c1df2e7", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "7ff14eb070f0efecb2606f8d7aa01b77d188e886", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "00477cab053dc4816b99141d8fcca7a479cfebeb", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "12133a483dfa832241fbbf09321109a0ea8a520e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nfc/pn533/usb.c"], "versions": [{"version": "3.1", "status": "affected"}, {"version": "0", "lessThan": "3.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7398d6570501edc55a50ece820f369ab3c1df2e7"}, {"url": "https://git.kernel.org/stable/c/d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0"}, {"url": "https://git.kernel.org/stable/c/7ff14eb070f0efecb2606f8d7aa01b77d188e886"}, {"url": "https://git.kernel.org/stable/c/00477cab053dc4816b99141d8fcca7a479cfebeb"}, {"url": "https://git.kernel.org/stable/c/4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74"}, {"url": "https://git.kernel.org/stable/c/12133a483dfa832241fbbf09321109a0ea8a520e"}], "title": "nfc: pn533: properly drop the usb interface reference on disconnect", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: properly drop the usb interface reference on disconnect\n\nWhen the device is disconnected from the driver, there is a \"dangling\"\nreference count on the usb interface that was grabbed in the probe\ncallback. Fix this up by properly dropping the reference after we are\ndone with it."}], "id": "CVE-2026-23291", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:24.197", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/00477cab053dc4816b99141d8fcca7a479cfebeb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/12133a483dfa832241fbbf09321109a0ea8a520e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7398d6570501edc55a50ece820f369ab3c1df2e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7ff14eb070f0efecb2606f8d7aa01b77d188e886"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: nfc: pn533: properly drop the usb interface reference on disconnect", "id": "2451186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451186"}, "csaw": false, "cwe": "CWE-911", "details": ["A flaw was found in the Linux kernel's `nfc: pn533` driver. When a device is disconnected, a reference count on the USB interface is not properly dropped, leading to a dangling reference. This resource management issue may lead to system instability or a denial of service (DoS)."], "name": "CVE-2026-23291", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23291\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23291\nhttps://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23291-eae3@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-03-25T12:05:20.512387+00:00", "value": {"mitigation_remediation": ["Upgrade to a Linux kernel release that incorporates the pn533 driver fix.", "If an immediate kernel upgrade cannot be performed, refrain from unplugging NFC pn533 devices while the driver is loaded until the patch is applied.", "After the patch is applied, verify that the USB interface reference count returns to zero upon device removal to ensure proper cleanup."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw resides in the Linux kernel\u2019s NFC pn533 driver. No specific kernel version range is listed, so any kernel build that includes this driver and which has not yet incorporated the fix could be susceptible. Users operating PCs, servers, or embedded devices that load the pn533 module are therefore at risk until a patch is applied.", "description_and_impact": "The Linux kernel NFC pn533 driver acquires a reference to its USB interface during initialization but fails to release it when the device is disconnected. This creates a dangling reference that can prevent the underlying USB interface from being freed, leading to resource exhaustion or kernel instability if the stale reference is later accessed. The vulnerability does not provide a pathway to code execution; its primary effect is to degrade system availability by allowing a DoS condition via delayed crash or resource leak.", "risk_and_exploitability": "Exact CVSS or EPSS values are not provided, and the vulnerability is not flagged in the CISA KEV list. The flaw requires that the USB NFC device be physically disconnected or that an attacker with sufficient privileges triggers a disconnect, making it a local, physical or privileged vector. The lack of a remote exploit path reduces its immediate risk, but the impact on availability warrants prompt attention."}}}}, "created": "2026-03-25T21:15:39.373907+00:00", "updated": "2026-03-25T21:15:39.373947+00:00", "vendors": [], "weaknesses": ["CWE-772", "CWE-754"]}