{
  "public_date" : "2026-03-25T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: nfc: nci: free skb on nci_transceive early error paths",
    "id" : "2451268",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2451268"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnfc: nci: free skb on nci_transceive early error paths\nnci_transceive() takes ownership of the skb passed by the caller,\nbut the -EPROTO, -EINVAL, and -EBUSY error paths return without\nfreeing it.\nDue to issues clearing NCI_DATA_EXCHANGE fixed by subsequent changes\nthe nci/nci_dev selftest hits the error path occasionally in NIPA,\nand kmemleak detects leaks:\nunreferenced object 0xff11000015ce6a40 (size 640):\ncomm \"nci_dev\", pid 3954, jiffies 4295441246\nhex dump (first 32 bytes):\n6b 6b 6b 6b 00 a4 00 0c 02 e1 03 6b 6b 6b 6b 6b  kkkk.......kkkkk\n6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk\nbacktrace (crc 7c40cc2a):\nkmem_cache_alloc_node_noprof+0x492/0x630\n__alloc_skb+0x11e/0x5f0\nalloc_skb_with_frags+0xc6/0x8f0\nsock_alloc_send_pskb+0x326/0x3f0\nnfc_alloc_send_skb+0x94/0x1d0\nrawsock_sendmsg+0x162/0x4c0\ndo_syscall_64+0x117/0xfc0", "A flaw was found in the Linux kernel's Near Field Communication (NFC) subsystem. When the `nci_transceive()` function encounters certain error conditions, it fails to properly free allocated kernel memory. This memory leak can accumulate over time, potentially leading to resource exhaustion and affecting system stability." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23339\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23339\nhttps://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23339-263f@gregkh/T" ],
  "name" : "CVE-2026-23339",
  "csaw" : false
}