DEBIAN-CVE-2023-53298
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53298
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53298.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53298
- Upstream
- Published
- 2025-09-16T08:15:39Z
- Modified
- 2025-09-19T07:33:41.579802Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of seio context in nfcgenlseio The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfcgenlseio and supposed to be eventually freed in seiocb callback function. However, there are several error paths where the bwitimer is not charged to call seiocb later, and the cbcontext is leaked. The patch proposes to free the cbcontext explicitly on those error paths. At the moment we can't simply check 'dev->ops->se_io()' return value as it may be negative in both cases: when the timer was charged and was not.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.178-1
Affected versions
5.*
5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source