{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23330","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.996Z","datePublished":"2026-03-25T10:27:21.871Z","dateUpdated":"2026-05-11T22:04:46.617Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:04:46.617Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: complete pending data exchange on device close\n\nIn nci_close_device(), complete any pending data exchange before\nclosing. The data exchange callback (e.g.\nrawsock_data_exchange_complete) holds a socket reference.\n\nNIPA occasionally hits this leak:\n\nunreferenced object 0xff1100000f435000 (size 2048):\n  comm \"nci_dev\", pid 3954, jiffies 4295441245\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00  '..@............\n  backtrace (crc ec2b3c5):\n    __kmalloc_noprof+0x4db/0x730\n    sk_prot_alloc.isra.0+0xe4/0x1d0\n    sk_alloc+0x36/0x760\n    rawsock_create+0xd1/0x540\n    nfc_sock_create+0x11f/0x280\n    __sock_create+0x22d/0x630\n    __sys_socket+0x115/0x1d0\n    __x64_sys_socket+0x72/0xd0\n    do_syscall_64+0x117/0xfc0\n    entry_SYSCALL_64_after_hwframe+0x4b/0x53"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/nfc/nci/core.c"],"versions":[{"version":"38f04c6b1b682f1879441e2925403ad9aff9e229","lessThan":"9df613ef6e8e873cdab969a11f74823488977f1f","status":"affected","versionType":"git"},{"version":"38f04c6b1b682f1879441e2925403ad9aff9e229","lessThan":"702029337b057085ea13f964822dcd95e0fe53f5","status":"affected","versionType":"git"},{"version":"38f04c6b1b682f1879441e2925403ad9aff9e229","lessThan":"91ff0d8c3464da7f0c43da38c195e60b660128bf","status":"affected","versionType":"git"},{"version":"38f04c6b1b682f1879441e2925403ad9aff9e229","lessThan":"d05f55d68ebdebb2b0a8480d766eaae88c8c92de","status":"affected","versionType":"git"},{"version":"38f04c6b1b682f1879441e2925403ad9aff9e229","lessThan":"66083581945bd5b8e99fe49b5aeb83d03f62d053","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/nfc/nci/core.c"],"versions":[{"version":"3.2","status":"affected"},{"version":"0","lessThan":"3.2","status":"unaffected","versionType":"semver"},{"version":"6.6.136","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.82","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.17","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.7","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.6.136"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.12.82"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.18.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.19.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9df613ef6e8e873cdab969a11f74823488977f1f"},{"url":"https://git.kernel.org/stable/c/702029337b057085ea13f964822dcd95e0fe53f5"},{"url":"https://git.kernel.org/stable/c/91ff0d8c3464da7f0c43da38c195e60b660128bf"},{"url":"https://git.kernel.org/stable/c/d05f55d68ebdebb2b0a8480d766eaae88c8c92de"},{"url":"https://git.kernel.org/stable/c/66083581945bd5b8e99fe49b5aeb83d03f62d053"}],"title":"nfc: nci: complete pending data exchange on device close","x_generator":{"engine":"bippy-1.2.0"}}}}