Astra Linux - уязвимость в linux, linux-5.10

A use-after-free flaw was discovered in ncirequest in net/nfc/nci/core.c within the NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race issue while the device is being removed, leading to a privilege escalation...

CVE-2026-43291

CVE-2026-43291 affects the Linux kernel NFC NCI subsystem. A parameter validation flaw for variable-length data packets can trigger a DoS by breaking NFC communication with NCI chips. Root cause: code compared variable-length packet data against a maximum length derived from sizeof(struct), ignor...

CVE-2026-23330 nfc: nci: complete pending data exchange on device close

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...

CVE-2026-23330

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...

CVE-2026-23167

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nciunregisterdevice. syzbot reported the splat below 0 without a repro. It indicates that struct ncidev.cmdwq had been destroyed before nciclosedevice was called via rfkill. ncidev.cmdwq is...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001468 advisory. A use-after-free flaw was found in ncirequest in net/nfc/nci/core.c in NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker with...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty-discdata only in the successful path. Setting tty-discdata before opening the NCI device means that we need to handle errors properly. This also creates a short window during which the device may continue ...

net: nfc: nci: Add parameter validation for packet data

...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414530)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414530 advisory. A use-after-free flaw was found in ncirequest in net/nfc/nci/core.c in NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker with...

EUVD-2021-34060

Malicious code in bioql PyPI...

NFC: nci: uart: Set tty->disc_data only in success path

...

The vulnerability of the nci_close_device() function in the net/nfc/nci/core.c module, which is part of the NFC NCI support for Linux operating systems, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the nciclosedevice function in the net/nfc/nci/core.c module, which supports NFC NCI implementations in Linux operating systems, is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality...

Linux Distros Unpatched Vulnerability : CVE-2021-4202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in ncirequest in net/nfc/nci/core.c in NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker...

SUSE CVE-2023-52919

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in sendacknowledge Handle memory allocation failure from nciskballoc calling allocskb to avoid possible NULL pointer dereference...

UBUNTU-CVE-2023-52919

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in sendacknowledge Handle memory allocation failure from nciskballoc calling allocskb to avoid possible NULL pointer dereference...

CVE-2024-38381

...

Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6926-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6926-3 advisory. discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions,...

USN-6926-2: Linux kernel vulnerabilities

黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...

Ubuntu 14.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6926-2)

The remote Ubuntu 14.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6926-2 advisory. discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure...

USN-6938-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that the device input subsystem in the Linux kernel did not properly handle the case when an event code falls outside of a bitmap. A local attacker could use this to cause a denial of service system crash. CVE-2022-48619 黄思聪 discovered that the NFC Controller Interface NCI...