
35 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: added flush_workqueue to prevent UAF. Our detector identified a bug caused by concurrent use-after-free when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the delayed mechanism...

7.8 CVSS, 6.1 AI score, 0.0002 EPSS
Exploits 0, References 2
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nfc: nci: Fixed an uninit-value issue in nci_rx_work. syzbot reported the following uninit-value access issue [1]. nci_rx_work parses the received packet from ndev->rx_q. It is necessary to validate the header size, payload size, and...

7.1 CVSS, 6.5 AI score, 0.00017 EPSS
Exploits 0, References 2
AstraLinux
added 2026/05/20 5:53 a.m., 1 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid. The protocol is used in a bit mask to determine whether the protocol is supported. It is asserted that the provided protocol is less than the maximum value defined, thereby avoiding...

7.1 CVSS, 5.8 AI score, 0.00007 EPSS
Exploits 0, References 2
CVE
added 2026/04/22 1:54 p.m., 11 views

CVE-2026-31509

CVE-2026-31509 affects the Linux kernel NFC NCI subsystem. The vulnerability stems from nci_close_device() flushing rx_wq and tx_wq while holding req_lock, creating a circular locking dependency with nci_rx_work() and related paths. The fix moves the rx_wq flush to after req_lock is released, rel...

5.5 CVSS, 5.6 AI score, 0.00014 EPSS
Exploits 0, References 8, Affected Software 1
NVD
added 2026/03/25 11:16 a.m., 1 views

CVE-2026-23339

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths. nci_transceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCI_DATA_EXCHAN...

5.5 CVSS, 0.00031 EPSS
Exploits 0, References 8
NVD
added 2026/03/25 11:16 a.m., 4 views

CVE-2026-23330

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close. In nci_close_device, complete any pending data exchange before closing. The data exchange callback e.g. rawsock_data_exchange_complete holds a socket reference. NIPA occasionall...

5.5 CVSS, 0.00018 EPSS
Exploits 0, References 5
UbuntuCve
added 2026/03/25 11:16 a.m., 5 views

CVE-2026-23339

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths. nci_transceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCI_DATA_EXCHAN...

5.5 CVSS, 5.7 AI score, 0.00031 EPSS
Exploits 0, References 8
OSV
added 2026/03/25 10:27 a.m., 3 views

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths. nci_transceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCI_DATA_EXCHAN...

5.5 CVSS, 5.7 AI score, 0.00031 EPSS
Exploits 0, References 9
Tenable Nessus
added 2026/03/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: nci: complete pending data exchange on device close. In nci_close_device, complete any pending data exchange before closing. The data exchange callback e.g...

5.5 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/01/05 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-50854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: virtual_ncidev: Fix memory leak in virtual_nci_send. skb should be free in virtual_nci_send, otherwise kmemleak will report memleak. Steps for reproduction...

5.8 AI score, 0.00024 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/10/28 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-40043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: nfc: nci: Add parameter validation for packet data. Syzbot reported an uninitialized value bug in nci_init_req, which was introduced by commit 5aca7966d2a7...

5.9 AI score, 0.00063 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-379453)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-379453 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge. Handle memory allocation failu...

5.5 CVSS, 6.2 AI score, 0.00013 EPSS
Exploits 0, References 3
Vulnrichment
added 2025/02/26 1:54 a.m., 7 views

CVE-2022-49059 nfc: nci: add flush_workqueue to prevent uaf

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf. Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...

7.5 AI score, 0.0002 EPSS
Exploits 0, References 8
OSV
added 2025/02/26 1:54 a.m., 9 views

CVE-2022-49059 nfc: nci: add flush_workqueue to prevent uaf

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf. Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...

7.8 CVSS, 5.2 AI score, 0.0002 EPSS
Exploits 0, References 11
RedhatCVE
added 2024/10/22 8:9 p.m., 12 views

CVE-2023-52919

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge. Handle memory allocation failure from nci_skb_alloc calling alloc_skb to avoid possible NULL pointer dereference...

5.5 CVSS, 7.2 AI score, 0.00013 EPSS
Exploits 0, References 4
OSV
added 2024/10/21 8:15 p.m., 0 views

UBUNTU-CVE-2022-48967

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays. While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18). This...

7.1 CVSS, 6.1 AI score, 0.00012 EPSS
Exploits 0, References 11
Vulnrichment
added 2024/10/21 8:5 p.m., 14 views

CVE-2022-48967 NFC: nci: Bounds check struct nfc_target arrays

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays. While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18). This...

7 AI score, 0.00012 EPSS
Exploits 0, References 8
Tenable Nessus
added 2024/09/12 12:0 a.m., 124 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12618)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12618 advisory. - net: mana: Fix possible double free in error handling path Ma Ke Orabug: 36897038 CVE-2024-42069 - net: relax socket state check at accept time...

7.8 CVSS, 7.4 AI score, 0.00043 EPSS
Exploits 1, References 139
RedhatCVE
added 2024/07/31 9:19 a.m., 27 views

CVE-2024-42130

A flaw was found in the Linux kernel's NFC subsystem, where the write call allows a mismatch between data length and count values. For example, a call with a data length of 3 bytes but a count of 15 could lead to inconsistencies in processing NFC packets. Mitigation: Mitigation for this issue is...

5.6 CVSS, 8.1 AI score, 0.00013 EPSS
Exploits 0, References 4
NVD
added 2024/07/30 8:15 a.m., 7 views

CVE-2024-42130

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00013 EPSS
Exploits 0