CVE-2026-23339

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The nci transceive() function in the Linux kernel does not free memory allocated to skb (socket buffer) in certain error scenarios, specifically when encountering -EPROTO, -EINVAL, or -EBUSY errors. This can lead to memory leaks. The issue is related to clearing NCI DATA EXCHANGE and was observed during the nci/nci dev selftest in NIPA, detected by kmemleak. The function nci transceive() takes ownership of the skb passed by the caller, but fails to release it under these error conditions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.