CVE-2026-23339
- Source
- https://cve.org/CVERecord?id=CVE-2026-23339
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23339.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23339
- Downstream
- Published
- 2026-03-25T10:27:28.073Z
- Modified
- 2026-04-02T13:12:22.309447Z
- Summary
- nfc: nci: free skb on nci_transceive early error paths
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free skb on nci_transceive early error paths
nci_transceive() takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it.
Due to issues clearing NCIDATAEXCHANGE fixed by subsequent changes the nci/nci_dev selftest hits the error path occasionally in NIPA, and kmemleak detects leaks:
unreferenced object 0xff11000015ce6a40 (size 640): comm "ncidev", pid 3954, jiffies 4295441246 hex dump (first 32 bytes): 6b 6b 6b 6b 00 a4 00 0c 02 e1 03 6b 6b 6b 6b 6b kkkk.......kkkkk 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk backtrace (crc 7c40cc2a): kmemcacheallocnode_noprof+0x492/0x630 _allocskb+0x11e/0x5f0 allocskbwithfrags+0xc6/0x8f0 sockallocsendpskb+0x326/0x3f0 nfcallocsendskb+0x94/0x1d0 rawsocksendmsg+0x162/0x4c0 dosyscall64+0x117/0xfc0
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23339.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3245801d44a44c090acefe19a12d22d12cac45c5
- https://git.kernel.org/stable/c/33f6b8a96dda045789796c3bcb451c74ac158039
- https://git.kernel.org/stable/c/54f7f0eaafa56b5994cdb5c7967946922c2e1d22
- https://git.kernel.org/stable/c/7bd4b0c4779f978a6528c9b7937d2ca18e936e2c
- https://git.kernel.org/stable/c/9d448bbab724b94d6c561e1f314656f5b88a7cb3
- https://git.kernel.org/stable/c/dcbcccfc5195c9caaa4bb8d31f23c345f00a9e89
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23339.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23339
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6a2968aaf50c7a22fced77a5e24aa636281efca8Fixed33f6b8a96dda045789796c3bcb451c74ac158039Fixeddcbcccfc5195c9caaa4bb8d31f23c345f00a9e89Fixed3245801d44a44c090acefe19a12d22d12cac45c5Fixed9d448bbab724b94d6c561e1f314656f5b88a7cb3Fixed54f7f0eaafa56b5994cdb5c7967946922c2e1d22Fixed7bd4b0c4779f978a6528c9b7937d2ca18e936e2c