{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23330", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.996Z", "datePublished": "2026-03-25T10:27:21.871Z", "dateUpdated": "2026-03-25T10:27:21.871Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:21.871Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: complete pending data exchange on device close\n\nIn nci_close_device(), complete any pending data exchange before\nclosing. The data exchange callback (e.g.\nrawsock_data_exchange_complete) holds a socket reference.\n\nNIPA occasionally hits this leak:\n\nunreferenced object 0xff1100000f435000 (size 2048):\n comm \"nci_dev\", pid 3954, jiffies 4295441245\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 '..@............\n backtrace (crc ec2b3c5):\n __kmalloc_noprof+0x4db/0x730\n sk_prot_alloc.isra.0+0xe4/0x1d0\n sk_alloc+0x36/0x760\n rawsock_create+0xd1/0x540\n nfc_sock_create+0x11f/0x280\n __sock_create+0x22d/0x630\n __sys_socket+0x115/0x1d0\n __x64_sys_socket+0x72/0xd0\n do_syscall_64+0x117/0xfc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/nci/core.c"], "versions": [{"version": "38f04c6b1b682f1879441e2925403ad9aff9e229", "lessThan": "91ff0d8c3464da7f0c43da38c195e60b660128bf", "status": "affected", "versionType": "git"}, {"version": "38f04c6b1b682f1879441e2925403ad9aff9e229", "lessThan": "d05f55d68ebdebb2b0a8480d766eaae88c8c92de", "status": "affected", "versionType": "git"}, {"version": "38f04c6b1b682f1879441e2925403ad9aff9e229", "lessThan": "66083581945bd5b8e99fe49b5aeb83d03f62d053", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/nci/core.c"], "versions": [{"version": "3.2", "status": "affected"}, {"version": "0", "lessThan": "3.2", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/91ff0d8c3464da7f0c43da38c195e60b660128bf"}, {"url": "https://git.kernel.org/stable/c/d05f55d68ebdebb2b0a8480d766eaae88c8c92de"}, {"url": "https://git.kernel.org/stable/c/66083581945bd5b8e99fe49b5aeb83d03f62d053"}], "title": "nfc: nci: complete pending data exchange on device close", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: complete pending data exchange on device close\n\nIn nci_close_device(), complete any pending data exchange before\nclosing. The data exchange callback (e.g.\nrawsock_data_exchange_complete) holds a socket reference.\n\nNIPA occasionally hits this leak:\n\nunreferenced object 0xff1100000f435000 (size 2048):\n comm \"nci_dev\", pid 3954, jiffies 4295441245\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 '..@............\n backtrace (crc ec2b3c5):\n __kmalloc_noprof+0x4db/0x730\n sk_prot_alloc.isra.0+0xe4/0x1d0\n sk_alloc+0x36/0x760\n rawsock_create+0xd1/0x540\n nfc_sock_create+0x11f/0x280\n __sock_create+0x22d/0x630\n __sys_socket+0x115/0x1d0\n __x64_sys_socket+0x72/0xd0\n do_syscall_64+0x117/0xfc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53"}], "id": "CVE-2026-23330", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:30.263", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/66083581945bd5b8e99fe49b5aeb83d03f62d053"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91ff0d8c3464da7f0c43da38c195e60b660128bf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d05f55d68ebdebb2b0a8480d766eaae88c8c92de"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: nfc: nci: complete pending data exchange on device close", "id": "2451276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451276"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's Near Field Communication (NFC) Controller Interface (NCI) subsystem. When an NFC device is closed, the `nci_close_device()` function may not properly complete pending data exchanges. This can lead to a resource leak, where unreferenced socket objects consume system memory. Over time, this resource exhaustion could result in a Denial of Service (DoS) for the system."], "name": "CVE-2026-23330", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23330\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23330\nhttps://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23330-00fd@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T11:42:22.328326+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the commit adding pending data exchange completion in nci_close_device.", "Verify that the kernel contains the fix by confirming the presence of the relevant commits or by checking kernel changelogs for this issue.", "If an immediate update is not possible, monitor system logs for \u201cunreferenced object\u201d messages and consider reducing the number of NFC device openings or disabling the NFC module until a patch is applied.", "Keep the kernel and related drivers patched for all security updates to mitigate other potential issues."], "summary": {"action": "Apply Patch", "impact": "Memory Leak potentially causing resource exhaustion"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to all Linux systems that use the kernel\u2019s NFC NCI driver, regardless of vendor. No specific kernel release or version is cited in the advisory; administrators should review their kernel version and check for the presence of the fix in recent releases.", "description_and_impact": "In the Linux kernel, a defect in the NFC driver prevents pending data exchanges from being completed when an NFC device is closed. The uncompleted exchange holds a socket reference, leading to an unreferenced memory allocation that remains allocated. Over time, repeated openings and closures can exhaust kernel memory, reducing system stability and availability. No code execution or direct data disclosure is achieved, but the leak may degrade performance or trigger kernel panics after prolonged use.", "risk_and_exploitability": "The CVSS score is not disclosed, and EPSS data is unavailable, making precise risk quantification difficult. The advisory shows no listing in the CISA KEV catalog, implying a lower likelihood of widespread exploitation. Attackers would need local or privileged access to use the NFC subsystem repeatedly; thus the most probable attack vector is local system usage. The risk is moderate, mainly to availability through memory exhaustion on heavily used or poorly managed systems."}}}}, "created": "2026-03-25T21:32:23.468458+00:00", "updated": "2026-03-25T21:32:23.468491+00:00", "vendors": [], "weaknesses": ["CWE-582"]}