Use-after-free Vulnerability in Linux Kernel's NFC Subsystem by Vendor Linux
CVE-2023-53023
What is CVE-2023-53023?
The Linux kernel's NFC subsystem contains a use-after-free vulnerability caused by improper memory management during device detachment. Specifically, when an NFC device is detached, the local_cleanup() function can be called more than once, so memory that has already been freed is deallocated again. This is triggered by state transitions of the NFC daemon, particularly when the daemon releases its sockets alongside the device resources. The flaw poses a significant security risk: the resulting memory corruption may be exploitable by attackers and can lead to unpredictable behavior in the kernel.
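The repeated-cleanup pattern described above, as an added userspace model (not kernel code and not the upstream patch). Apart from local_cleanup(), every name is hypothetical, and clearing the pointer after the free is shown as one common way to make cleanup idempotent, not as the fix that was actually merged.

```c
#include <stdio.h>

/* Userspace model only: these types are hypothetical stand-ins. */
struct buf { int freed; };                 /* models a pending receive buffer */
struct llcp_local { struct buf *rx_pending; };

static int repeat_frees;                   /* frees of an already-freed buffer */

/* Tracking "free": records a repeat free instead of corrupting the heap. */
static void buf_free(struct buf *b)
{
    if (!b)
        return;                            /* freeing NULL is a no-op */
    if (b->freed)
        repeat_frees++;
    b->freed = 1;
}

/* Before: the pointer is left dangling, so a second call frees it again. */
static void local_cleanup_unsafe(struct llcp_local *l)
{
    buf_free(l->rx_pending);
}

/* After: the pointer is cleared, so a second call has nothing to free. */
static void local_cleanup_safe(struct llcp_local *l)
{
    buf_free(l->rx_pending);
    l->rx_pending = NULL;
}

/* Runs cleanup twice, as on device detach followed by socket release.
 * Returns how many times an already-freed buffer was freed again. */
static int simulate_detach(void (*cleanup)(struct llcp_local *))
{
    struct buf b = { 0 };
    struct llcp_local l = { .rx_pending = &b };

    repeat_frees = 0;
    cleanup(&l);                           /* path 1: device is detached */
    cleanup(&l);                           /* path 2: daemon releases sockets */
    return repeat_frees;
}

int main(void)
{
    printf("unsafe: %d repeat free(s)\n", simulate_detach(local_cleanup_unsafe));
    printf("safe:   %d repeat free(s)\n", simulate_detach(local_cleanup_safe));
    return 0;
}
```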
Affected Version(s)
Linux 3536da06db0baa675f32de608c0a4c0f5ef0e9ff
Linux 3536da06db0baa675f32de608c0a4c0f5ef0e9ff < 54f7be61584b8ec4c6df405f479495b9397bae4a