CVE-2023-53106: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition

This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example.

In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work with llt_ndlc_sm_work.

When it calls ndlc_recv or the timeout handler, it will finally call schedule_work to start the work.

When we call st_nci_i2c_remove to remove the driver, there may be a sequence as follows:

    CPU0                      CPU1
                             |llt_ndlc_sm_work
    st_nci_i2c_remove        |
      ndlc_remove            |
        st_nci_remove        |
          nci_free_device    |
            kfree(ndev)      |
            //free ndlc->ndev|
                             |llt_ndlc_rcv_queue
                             |nci_recv_frame
                             |//use ndlc->ndev

Fix it by finishing the work before cleanup in ndlc_remove.
AI Analysis
Technical Summary
CVE-2023-53106 is a use-after-free vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem, specifically within the ST-NCI driver that handles NFC communication over I2C and SPI interfaces. The vulnerability arises from a race condition in the ndlc_remove function, which is called during removal of the NFC driver. The scheduled work item llt_ndlc_sm_work (which runs llt_ndlc_rcv_queue and nci_recv_frame) may still be queued or executing when the removal path frees the associated device structure (ndlc->ndev) via st_nci_remove, nci_free_device and kfree. The work handler then dereferences memory that has already been freed, which can cause kernel crashes or undefined behavior. Both the st_nci_i2c_remove and st_nci_spi_remove paths are affected. The fix ensures that the scheduled work has finished before ndlc_remove performs cleanup and frees the device structure, closing the race. The root cause is improper synchronization between kernel workqueue items and the lifetime of the device memory they reference during driver removal.
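As an added illustration of the ordering problem and the fix described above (example code, not the kernel's or this page's own), the following deterministic userspace model keeps the driver's names but replaces the kernel workqueue and kfree() with a one-slot queue and an "alive" flag, so the stale access is counted instead of corrupting memory; it assumes, as the commit's diagram shows, that the work handler dereferences ndlc->ndev.

```c
/* Added example, not kernel code: a deterministic userspace model of the
 * CVE-2023-53106 ordering bug. Driver names are kept (ndlc, ndev, sm_work);
 * the one-slot queue and the "alive" flag stand in for the workqueue and kfree(). */
#include <stdbool.h>
#include <stdio.h>

struct nci_dev { bool alive; int frames_rx; };  /* alive=false models kfree(ndev) */
struct ndlc { struct nci_dev *ndev; };

static struct ndlc *pending_work;  /* the queued sm_work, if any */
static int uaf_hits;               /* handler dereferenced a freed ndev */

/* llt_ndlc_sm_work -> llt_ndlc_rcv_queue -> nci_recv_frame(ndlc->ndev, ...) */
static void llt_ndlc_sm_work(struct ndlc *n) {
    if (!n->ndev->alive) { uaf_hits++; return; }  /* the use-after-free, made observable */
    n->ndev->frames_rx++;
}
static void schedule_work(struct ndlc *n) { pending_work = n; }
static void run_pending_work(void) {  /* what CPU1 does asynchronously */
    if (pending_work) { llt_ndlc_sm_work(pending_work); pending_work = NULL; }
}
/* cancel_work_sync stand-in: a queued item has finished when this returns */
static void cancel_work_sync(struct ndlc *n) { if (pending_work == n) run_pending_work(); }
static void nci_free_device(struct nci_dev *d) { d->alive = false; }

/* Buggy ordering: st_nci_remove frees ndev while sm_work is still queued */
static int ndlc_remove_buggy(struct ndlc *n) {
    uaf_hits = 0;
    nci_free_device(n->ndev);   /* kfree(ndev) on CPU0 */
    run_pending_work();         /* CPU1 runs llt_ndlc_sm_work against freed ndev */
    return uaf_hits;
}
/* Fixed ordering: finish the work before cleanup */
static int ndlc_remove_fixed(struct ndlc *n) {
    uaf_hits = 0;
    cancel_work_sync(n);        /* sm_work completes while ndev is still valid */
    nci_free_device(n->ndev);
    run_pending_work();         /* nothing left queued */
    return uaf_hits;
}
/* probe, receive a frame (queues sm_work), then remove with the given ordering */
static int simulate(int (*remove_fn)(struct ndlc *)) {
    struct nci_dev dev = { .alive = true, .frames_rx = 0 };
    struct ndlc n = { .ndev = &dev };
    schedule_work(&n);          /* ndlc_recv or a timeout handler fired */
    return remove_fn(&n);
}
int main(void) {
    printf("stale accesses: buggy=%d fixed=%d\n", simulate(ndlc_remove_buggy), simulate(ndlc_remove_fixed));
    return 0;
}
```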
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the affected NFC drivers enabled, especially those using ST-NCI based NFC hardware over I2C or SPI. The impact includes potential kernel crashes (denial of service) and possibly memory corruption that could be leveraged for privilege escalation or arbitrary code execution in a worst-case scenario, although no known exploits are reported yet. Organizations relying on NFC for secure access control, payment systems, or identity verification could face service disruptions or security breaches if exploited. Embedded devices, IoT systems, and industrial control systems running affected Linux kernels are particularly at risk. The vulnerability's exploitation requires local code execution or triggering driver removal sequences, which may limit remote exploitation but does not eliminate risk in multi-user or shared environments. Given the widespread use of Linux in European infrastructure, including telecommunications, manufacturing, and public services, the vulnerability could affect critical systems if not patched promptly.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched. Specifically, ensure that the Linux kernel version includes the fix that completes all scheduled work before freeing device memory in the NFC ST-NCI driver. For systems where immediate kernel updates are not feasible, consider disabling the NFC subsystem or the affected NFC drivers (st_nci_i2c and st_nci_spi) if NFC functionality is not required. Implement strict access controls and monitoring on systems with NFC hardware to detect unusual driver removal or kernel errors that might indicate exploitation attempts. Additionally, conduct thorough testing of kernel updates in controlled environments to avoid service disruptions. For embedded and IoT devices, coordinate with vendors to obtain patched firmware or kernel versions. Finally, maintain robust incident response plans to quickly address potential kernel crashes or suspicious activity related to NFC driver operations.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-02T15:51:43.553Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9830c4522896dcbe6ff6
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 4:25:27 AM
Last updated: 8/1/2025, 9:44:02 PM