PT-2025-13369 · Linux+3 · Linux Kernel+3

Published

2025-01-11

Updated

2025-06-02

CVE-2023-53023

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue has been identified in the Linux kernel, specifically in the local cleanup() function. This issue occurs when the nfc daemon is killed after detaching an nfc device, leading to a double-free scenario. The problem arises from the local cleanup() function being called twice, once from nfc llcp unregister device() and again from local release(), resulting in the local->rx pending being freed twice. This vulnerability was discovered using a modified version of syzkaller.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-06332

CVE-2023-53023

OESA-2025-1465

OPENSUSE-SU-2025_1195-1

SUSE-SU-2025:01600-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1195-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_01600-1

SUSE-SU-2025_1195-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2025-13369 · Linux+3 · Linux Kernel+3

CVE-2023-53023

Weakness Enumeration

Related Identifiers

Affected Products

References · 1498