{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-25T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: nfc: nci: complete pending data exchange on device close",
    "id" : "2451276",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2451276"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnfc: nci: complete pending data exchange on device close\nIn nci_close_device(), complete any pending data exchange before\nclosing. The data exchange callback (e.g.\nrawsock_data_exchange_complete) holds a socket reference.\nNIPA occasionally hits this leak:\nunreferenced object 0xff1100000f435000 (size 2048):\ncomm \"nci_dev\", pid 3954, jiffies 4295441245\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00  '..@............\nbacktrace (crc ec2b3c5):\n__kmalloc_noprof+0x4db/0x730\nsk_prot_alloc.isra.0+0xe4/0x1d0\nsk_alloc+0x36/0x760\nrawsock_create+0xd1/0x540\nnfc_sock_create+0x11f/0x280\n__sock_create+0x22d/0x630\n__sys_socket+0x115/0x1d0\n__x64_sys_socket+0x72/0xd0\ndo_syscall_64+0x117/0xfc0\nentry_SYSCALL_64_after_hwframe+0x4b/0x53", "A flaw was found in the Linux kernel's Near Field Communication (NFC) Controller Interface (NCI) subsystem. When an NFC device is closed, the `nci_close_device()` function may not properly complete pending data exchanges. This can lead to a resource leak, where unreferenced socket objects consume system memory. Over time, this resource exhaustion could result in a Denial of Service (DoS) for the system." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23330\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23330\nhttps://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23330-00fd@gregkh/T" ],
  "name" : "CVE-2026-23330",
  "csaw" : false
}