CVE-2026-23291

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23291
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23291.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23291
Downstream
Published
2026-03-25T10:26:49.634Z
Modified
2026-04-02T13:12:20.414435Z
Summary
nfc: pn533: properly drop the usb interface reference on disconnect
Details

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: properly drop the usb interface reference on disconnect

When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up by properly dropping the reference after we are done with it.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23291.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c46ee38620a2aa2b25b16bc9738ace80dbff76a4
Fixed
7398d6570501edc55a50ece820f369ab3c1df2e7
Fixed
d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0
Fixed
7ff14eb070f0efecb2606f8d7aa01b77d188e886
Fixed
00477cab053dc4816b99141d8fcca7a479cfebeb
Fixed
4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74
Fixed
12133a483dfa832241fbbf09321109a0ea8a520e

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23291.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.77
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.17
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23291.json"