CVE-2023-53298
- Source
- https://cve.org/CVERecord?id=CVE-2023-53298
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53298.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53298
- Downstream
- Related
- Published
- 2025-09-16T08:11:30.044Z
- Modified
- 2026-04-02T09:43:58.047310Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- nfc: fix memory leak of se_io context in nfc_genl_se_io
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfc: fix memory leak of seio context in nfcgenlseio
The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfcgenlseio and supposed to be eventually freed in seiocb callback function. However, there are several error paths where the bwitimer is not charged to call seiocb later, and the cb_context is leaked.
The patch proposes to free the cb_context explicitly on those error paths.
At the moment we can't simply check 'dev->ops->se_io()' return value as it may be negative in both cases: when the timer was charged and was not.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53298.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/25ff6f8a5a3b8dc48e8abda6f013e8cc4b14ffea
- https://git.kernel.org/stable/c/271eed1736426103335c5aac50f15b0f4d236bc0
- https://git.kernel.org/stable/c/5321da6d84b87a34eea441677d649c34bd854169
- https://git.kernel.org/stable/c/8978315cb4bf8878c9c8ec05dafd8f7ff539860d
- https://git.kernel.org/stable/c/af452e35b9e6a87cd49e54a7a3d60d934b194651
- https://git.kernel.org/stable/c/b2036a252381949d3b743a3de069324ae3028a57
- https://git.kernel.org/stable/c/ba98db08895748c12e5ded52cd1598dce2c79e55
- https://git.kernel.org/stable/c/c494365432dcdc549986f4d9af9eb6190cbdb153
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53298.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53298
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5ce3f32b5264b337bfd13a780452a17705307725Fixed5321da6d84b87a34eea441677d649c34bd854169Fixedaf452e35b9e6a87cd49e54a7a3d60d934b194651Fixed271eed1736426103335c5aac50f15b0f4d236bc0Fixed8978315cb4bf8878c9c8ec05dafd8f7ff539860dFixedc494365432dcdc549986f4d9af9eb6190cbdb153Fixedb2036a252381949d3b743a3de069324ae3028a57Fixedba98db08895748c12e5ded52cd1598dce2c79e55Fixed25ff6f8a5a3b8dc48e8abda6f013e8cc4b14ffea