CVE-2026-23339: Missing Release of Resource after Effective Lifetime in Linux

Severity: 6.9 MEDIUM (No vector)
EPSS: 0.0% (top 90.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: free skb on nci_transceive early error paths

nci_transceive() takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it.

Due to issues clearing NCI_DATA_EXCHANGE fixed by subsequent changes the nci/nci_dev selftest hits the error path occasionally in NIPA, and kmemleak detects leaks:

unreferenced object 0xff11000015ce6a40 (size 640): comm "nci_dev",

Affected Packages (3 packages)

Linux | linux/linux_kernel | 3.2.0 | 6.1.167 | +4
Debian | linux/linux_kernel | < 6.19.8-1
CVEListV5 | linux/linux | 6a2968aaf50c7a22fced77a5e24aa636281efca8 | 33f6b8a96dda045789796c3bcb451c74ac158039 | +6

🔴 Vulnerability Details (4)

CVEList | nfc: nci: free skb on nci_transceive early error paths | 2026-03-25
GHSA | GHSA-77ph-fpqv-c298: In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes ow | 2026-03-25
OSV | nfc: nci: free skb on nci_transceive early error paths | 2026-03-25
OSV | CVE-2026-23339: In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes owne | 2026-03-25

📋 Vendor Advisories (3)

Red Hat | kernel: nfc: nci: free skb on nci_transceive early error paths | 2026-03-25
Microsoft | nfc: nci: free skb on nci_transceive early error paths | 2026-03-10
Debian | CVE-2026-23339: linux - In the Linux kernel, the following vulnerability has been resolved: nfc: nci: f... | 2026

🕵️ Threat Intelligence (1)

Wiz | CVE-2026-23339 Impact, Exploitability, and Mitigation Steps | Wiz