CVE-2026-23291 — Improper Update of Reference Count in Linux

CWE-911 — Improper Update of Reference Count8 documents7 sources

Severity

7.8HIGH

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up by properly dropping the reference after we are done with it.

Affected Packages5 packages

▶Linuxlinux/linux_kernel3.1.0 — 6.1.167+4

▶Debianlinux/linux_kernel< 6.19.8-1

▶msrcmsrc/azl3_kernel_6.6.126.1-1_on_azure_linux_3.0

▶CVEListV5linux/linuxc46ee38620a2aa2b25b16bc9738ace80dbff76a4 — 7398d6570501edc55a50ece820f369ab3c1df2e7+6

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-3m5v-fjjv-99m5: In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the dev↗2026-03-25

▶

OSV

nfc: pn533: properly drop the usb interface reference on disconnect↗2026-03-25

▶

OSV

CVE-2026-23291: In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the devic↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: nfc: pn533: properly drop the usb interface reference on disconnect↗2026-03-25

▶

Microsoft

nfc: pn533: properly drop the usb interface reference on disconnect↗2026-03-10

▶

Debian

CVE-2026-23291: linux - In the Linux kernel, the following vulnerability has been resolved: nfc: pn533:...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23291 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶