PT-2025-18870 · Linux+3 · Linux Kernel+3

Published

2023-03-15

Updated

2026-02-02

CVE-2023-53106

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use after free bug in the Linux kernel's NFC subsystem, specifically in the ndlc remove function, has been identified. This issue arises due to a race condition and affects both st nci i2c remove and st nci spi remove. The bug occurs when the st nci i2c remove function is called to remove the driver, and there is a sequence of events that leads to the use of ndlc->ndev after it has been freed. The issue is resolved by finishing the work before cleanup in ndlc remove.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-03856

CVE-2023-53106

SUSE-SU-2025:01918-1

SUSE-SU-2025:01966-1

SUSE-SU-2025:01982-1

SUSE-SU-2025:01983-1

SUSE-SU-2025:01995-1

SUSE-SU-2025:02173-1

SUSE-SU-2025:02262-1

SUSE-SU-2025:2173-1

SUSE-SU-2025_01982-1

SUSE-SU-2025_01983-1

SUSE-SU-2025_02173-1

SUSE-SU-2025_02262-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2025-18870 · Linux+3 · Linux Kernel+3

CVE-2023-53106

Weakness Enumeration

Related Identifiers

Affected Products

References · 760