CVE-2026-23330Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime9 documents8 sources
Severity
6.9MEDIUM
No vector
EPSS
0.0%
top 94.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(), complete any pending data exchange before closing. The data exchange callback (e.g. rawsock_data_exchange_complete) holds a socket reference. NIPA occasionally hits this leak: unreferenced object 0xff1100000f435000 (size 2048): comm "nci_dev", pid 3954, jiffies 4295441245 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Affected Packages3 packages

Linuxlinux/linux_kernel3.2.06.18.17+1
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux38f04c6b1b682f1879441e2925403ad9aff9e22991ff0d8c3464da7f0c43da38c195e60b660128bf+3

🔴Vulnerability Details

4
CVEList
nfc: nci: complete pending data exchange on device close2026-03-25
OSV
CVE-2026-23330: In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(), co2026-03-25
OSV
nfc: nci: complete pending data exchange on device close2026-03-25
GHSA
GHSA-vjm5-v2mx-wqmv: In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(),2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: nfc: nci: complete pending data exchange on device close2026-03-25
Microsoft
nfc: nci: complete pending data exchange on device close2026-03-10
Debian
CVE-2026-23330: linux - In the Linux kernel, the following vulnerability has been resolved: nfc: nci: c...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23330 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23330 — Linux vulnerability | cvebase