PT-2025-18870 · Linux+3 · Linux Kernel+3

Publicado

2023-03-15

Atualizado

2026-02-02

CVE-2023-53106

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use after free bug in the Linux kernel's NFC subsystem, specifically in the ndlc remove function, has been identified. This issue arises due to a race condition and affects both st nci i2c remove and st nci spi remove. The bug occurs when the st nci i2c remove function is called to remove the driver, and there is a sequence of events that leads to the use of ndlc->ndev after it has been freed. The issue is resolved by finishing the work before cleanup in ndlc remove.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

BDU:2026-03856

CVE-2023-53106

SUSE-SU-2025:01918-1

SUSE-SU-2025:01966-1

SUSE-SU-2025:01982-1

SUSE-SU-2025:01983-1

SUSE-SU-2025:01995-1

SUSE-SU-2025:02173-1

SUSE-SU-2025:02262-1

SUSE-SU-2025:2173-1

SUSE-SU-2025_01982-1

SUSE-SU-2025_01983-1

SUSE-SU-2025_02173-1

SUSE-SU-2025_02262-1

Produtos afetados

Astra Linux

Linux Kernel

Red Os

Suse

PT-2025-18870 · Linux+3 · Linux Kernel+3

CVE-2023-53106

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 760