CVE-2023-53106

Severity: HIGH · CVSS 3.1: 7.8 · EPSS: 5.9%
Published: May 2, 2025
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition

This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example.

In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work with llt_ndlc_sm_work.

When it calls ndlc_recv or timeout handler, it will finally call schedule_work to start the work.

When we call st_nci_i2c_remove to remove the driver, there may be a sequence as follows:

Fix it by finishing the work before cleanup in ndlc_remove

CPU0                  CPU1
                    |llt_ndlc_sm_work
st_nci_i2c_remove   |
  ndlc_remove       |
     st_nci_remove  |
     nci_free_device|
     kfree(ndev)    |
//free ndlc->ndev   |
                    |llt_ndlc_rcv_queue
                    |nci_recv_frame
                    |//use ndlc->ndev
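The ordering problem in the diagram above, replayed as a single-threaded userland model. This is an added example, not the kernel patch or the driver's code: every model_* name is hypothetical, and model_cancel_work_sync stands in for a cancel_work_sync()-style primitive, which is an assumption about how "finishing the work" is done.

```c
/* Userland model constructed for illustration; not kernel code. */
#include <stdbool.h>

struct model_ndev { bool freed; };        /* stands in for the NCI device (ndlc->ndev) */

struct model_ndlc {
    struct model_ndev *ndev;
    bool work_pending;                    /* sm_work was queued by schedule_work() */
    int uaf_hits;                         /* times the work touched ndev after free */
};

/* Stand-in for kfree(ndev): mark instead of freeing so reuse can be detected safely. */
static void model_free_ndev(struct model_ndlc *n) { n->ndev->freed = true; }

/* Stand-in for llt_ndlc_sm_work -> llt_ndlc_rcv_queue -> nci_recv_frame. */
static void model_sm_work(struct model_ndlc *n)
{
    if (!n->work_pending)
        return;                           /* nothing queued, nothing runs */
    n->work_pending = false;
    if (n->ndev->freed)
        n->uaf_hits++;                    /* the kernel would dereference freed memory here */
}

/* Assumed primitive: once it returns, the work is neither pending nor running. */
static void model_cancel_work_sync(struct model_ndlc *n) { n->work_pending = false; }

/* Ordering from the diagram: the device is freed while sm_work can still run. */
static void model_remove_racy(struct model_ndlc *n) { model_free_ndev(n); }

/* Ordering the description asks for: finish the work, then clean up. */
static void model_remove_fixed(struct model_ndlc *n)
{
    model_cancel_work_sync(n);
    model_free_ndev(n);
}

/* Replays the interleaving: work queued, remove runs on CPU0, work runs on CPU1. */
static int replay(void (*remove_fn)(struct model_ndlc *))
{
    struct model_ndev dev = { .freed = false };
    struct model_ndlc n = { .ndev = &dev, .work_pending = true, .uaf_hits = 0 };

    remove_fn(&n);                        /* CPU0: st_nci_i2c_remove -> ndlc_remove */
    model_sm_work(&n);                    /* CPU1: llt_ndlc_sm_work runs afterwards */
    return n.uaf_hits;
}

int main(void) { return !(replay(model_remove_racy) == 1 && replay(model_remove_fixed) == 0); }
```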

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
5.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 9

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.17 – <4.14.311
linux   linux_kernel  *        ≥4.15 – <4.19.279
linux   linux_kernel  *        ≥4.20 – <5.4.238
linux   linux_kernel  *        ≥5.5 – <5.10.176
linux   linux_kernel  *        ≥5.11 – <5.15.104
linux   linux_kernel  *        ≥5.16 – <6.1.21
linux   linux_kernel  *        ≥6.2 – <6.2.8
linux   linux_kernel  6.3      any
linux   linux_kernel  6.3      any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2156490c4b7cacda9a18ec99929940b8376dc0e3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3405eb641dafcc8b28d174784b203c1622c121bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43aa468df246175207a7d5d7d6d31b231f15b49c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5e331022b448fbc5e76f24349cd0246844dcad25
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/84dd9cc34014e3a3dcce0eb6d54b8a067e97676b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0c202a8dc63008205a5d546559736507a9aae66
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f589e5b56c562d99ea74e05b1c3f0eab78aa17a3
    Patch
