{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23330", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.996Z", "datePublished": "2026-03-25T10:27:21.871Z", "dateUpdated": "2026-04-27T13:56:12.798Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-27T13:56:12.798Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: complete pending data exchange on device close\n\nIn nci_close_device(), complete any pending data exchange before\nclosing. The data exchange callback (e.g.\nrawsock_data_exchange_complete) holds a socket reference.\n\nNIPA occasionally hits this leak:\n\nunreferenced object 0xff1100000f435000 (size 2048):\n comm \"nci_dev\", pid 3954, jiffies 4295441245\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 '..@............\n backtrace (crc ec2b3c5):\n __kmalloc_noprof+0x4db/0x730\n sk_prot_alloc.isra.0+0xe4/0x1d0\n sk_alloc+0x36/0x760\n rawsock_create+0xd1/0x540\n nfc_sock_create+0x11f/0x280\n __sock_create+0x22d/0x630\n __sys_socket+0x115/0x1d0\n __x64_sys_socket+0x72/0xd0\n do_syscall_64+0x117/0xfc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/nci/core.c"], "versions": [{"version": "38f04c6b1b682f1879441e2925403ad9aff9e229", "lessThan": "9df613ef6e8e873cdab969a11f74823488977f1f", "status": "affected", "versionType": "git"}, {"version": "38f04c6b1b682f1879441e2925403ad9aff9e229", "lessThan": "702029337b057085ea13f964822dcd95e0fe53f5", "status": "affected", "versionType": "git"}, {"version": "38f04c6b1b682f1879441e2925403ad9aff9e229", "lessThan": "91ff0d8c3464da7f0c43da38c195e60b660128bf", "status": "affected", "versionType": "git"}, {"version": "38f04c6b1b682f1879441e2925403ad9aff9e229", "lessThan": "d05f55d68ebdebb2b0a8480d766eaae88c8c92de", "status": "affected", "versionType": "git"}, {"version": "38f04c6b1b682f1879441e2925403ad9aff9e229", "lessThan": "66083581945bd5b8e99fe49b5aeb83d03f62d053", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/nci/core.c"], "versions": [{"version": "3.2", "status": "affected"}, {"version": "0", "lessThan": "3.2", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.136", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.82", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "6.6.136"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "6.12.82"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9df613ef6e8e873cdab969a11f74823488977f1f"}, {"url": "https://git.kernel.org/stable/c/702029337b057085ea13f964822dcd95e0fe53f5"}, {"url": "https://git.kernel.org/stable/c/91ff0d8c3464da7f0c43da38c195e60b660128bf"}, {"url": "https://git.kernel.org/stable/c/d05f55d68ebdebb2b0a8480d766eaae88c8c92de"}, {"url": "https://git.kernel.org/stable/c/66083581945bd5b8e99fe49b5aeb83d03f62d053"}], "title": "nfc: nci: complete pending data exchange on device close", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ED48B0D-C16E-45C6-89B1-D69ABC134156", "versionEndExcluding": "6.12.82", "versionStartIncluding": "3.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:-:*:*:*:*:*:*", "matchCriteriaId": "2BEBAC7C-43AE-4D02-A957-26F89F27E0AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: complete pending data exchange on device close\n\nIn nci_close_device(), complete any pending data exchange before\nclosing. The data exchange callback (e.g.\nrawsock_data_exchange_complete) holds a socket reference.\n\nNIPA occasionally hits this leak:\n\nunreferenced object 0xff1100000f435000 (size 2048):\n comm \"nci_dev\", pid 3954, jiffies 4295441245\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 '..@............\n backtrace (crc ec2b3c5):\n __kmalloc_noprof+0x4db/0x730\n sk_prot_alloc.isra.0+0xe4/0x1d0\n sk_alloc+0x36/0x760\n rawsock_create+0xd1/0x540\n nfc_sock_create+0x11f/0x280\n __sock_create+0x22d/0x630\n __sys_socket+0x115/0x1d0\n __x64_sys_socket+0x72/0xd0\n do_syscall_64+0x117/0xfc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnfc: nci: completar el intercambio de datos pendiente al cerrar el dispositivo\n\nEn nci_close_device(), completar cualquier intercambio de datos pendiente antes de cerrar. La devoluci\u00f3n de llamada de intercambio de datos (por ejemplo, rawsock_data_exchange_complete) mantiene una referencia de socket.\n\nNIPA ocasionalmente encuentra esta fuga:\n\nobjeto sin referencia 0xff1100000f435000 (tama\u00f1o 2048):\n comm 'nci_dev', pid 3954, jiffies 4295441245\n volcado hexadecimal (primeros 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 '..@............\n rastreo de pila (crc ec2b3c5):\n __kmalloc_noprof+0x4db/0x730\n sk_prot_alloc.isra.0+0xe4/0x1d0\n sk_alloc+0x36/0x760\n rawsock_create+0xd1/0x540\n nfc_sock_create+0x11f/0x280\n __sock_create+0x22d/0x630\n __sys_socket+0x115/0x1d0\n __x64_sys_socket+0x72/0xd0\n do_syscall_64+0x117/0xfc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53"}], "id": "CVE-2026-23330", "lastModified": "2026-04-27T14:16:30.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:30.263", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/66083581945bd5b8e99fe49b5aeb83d03f62d053"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/702029337b057085ea13f964822dcd95e0fe53f5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/91ff0d8c3464da7f0c43da38c195e60b660128bf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9df613ef6e8e873cdab969a11f74823488977f1f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d05f55d68ebdebb2b0a8480d766eaae88c8c92de"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: nfc: nci: complete pending data exchange on device close", "id": "2451276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451276"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's Near Field Communication (NFC) Controller Interface (NCI) subsystem. When an NFC device is closed, the `nci_close_device()` function may not properly complete pending data exchanges. This can lead to a resource leak, where unreferenced socket objects consume system memory. Over time, this resource exhaustion could result in a Denial of Service (DoS) for the system."], "name": "CVE-2026-23330", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23330\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23330\nhttps://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23330-00fd@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[38f04c6b1b682f1879441e2925403ad9aff9e229,91ff0d8c3464da7f0c43da38c195e60b660128bf)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[38f04c6b1b682f1879441e2925403ad9aff9e229,d05f55d68ebdebb2b0a8480d766eaae88c8c92de)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[38f04c6b1b682f1879441e2925403ad9aff9e229,66083581945bd5b8e99fe49b5aeb83d03f62d053)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,3.2)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T22:06:43.659666+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes the patch for nci_close_device() (the commit referenced in the advisory).", "If a direct update is not possible, apply the vendor\u2011provided backport or patch that restores the proper completion of pending data exchanges before device close.", "After updating, run NIPA or a similar leak detection tool to confirm that no unreferenced objects remain; reboot if leaks persist."], "summary": {"action": "Immediate Patch", "impact": "Resource Leak / DoS"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that did not incorporate the commit adding the missing completion call in nci_close_device() are affected. The vulnerability exists in the kernel source before that change, so any distribution shipping the unpatched kernel is vulnerable. The problem is kernel\u2011level and applies to all vendors that provide the affected kernel release.", "description_and_impact": "The Linux kernel routine that closes an NFC device omitted the cleanup of resources tied to pending data exchanges. When a device is closed, an unreferenced memory object\u2014specifically a socket structure held by the data\u2011exchange callback\u2014is left behind. The accumulation of such leaked objects can consume kernel memory and potentially trigger denial\u2011of\u2011service conditions if triggered repeatedly.", "risk_and_exploitability": "Exploitation requires privileges capable of closing an NFC device, i.e., kernel or driver\u2011level access. The EPSS score is below 1\u202f% and the vulnerability is not listed in the KEV catalog, suggesting a low probability of active exploitation. Nevertheless, an attacker with sufficient access could repeatedly trigger the leak to exhaust memory, leading to degraded system availability. Updating the kernel removes the flaw entirely."}}}}, "created": "2026-03-25T21:32:23.468458+00:00", "updated": "2026-04-28T22:15:41.366640+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}