In the Linux kernel, the following vulnerability has been resolved:

nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition

This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example.

In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work with llt_ndlc_sm_work. When it calls ndlc_recv or timeout handler, it will finally call schedule_work to start the work.

When we call st_nci_i2c_remove to remove the driver, there may be a sequence as follows:

Fix it by finishing the work before cleanup in ndlc_remove

CPU0                  CPU1

                    |llt_ndlc_sm_work
st_nci_i2c_remove   |
  ndlc_remove       |
     st_nci_remove  |
     nci_free_device|
     kfree(ndev)    |
//free ndlc->ndev   |
                    |llt_ndlc_rcv_queue
                    |nci_recv_frame
                    |//use ndlc->ndev
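The ordering in the sequence above, as a single-threaded userspace model added here for illustration; it is not kernel code or the upstream patch, and every `model_*` name is hypothetical. The model sets the freed pointer to NULL so that the late access is counted instead of performed.

```c
/* Userspace model of the ndlc_remove ordering; every model_* name is hypothetical. */
#include <stdbool.h>
#include <stdlib.h>

struct model_ndev { int frames; };          /* stands in for the NCI device */
struct model_ndlc {
    struct model_ndev *ndev;                /* stands in for ndlc->ndev */
    bool work_pending;                      /* sm_work has been scheduled */
    int stale_uses;                         /* work ran after ndev was freed */
};

/* Work handler: the model's analogue of llt_ndlc_sm_work reaching nci_recv_frame. */
static void model_sm_work(struct model_ndlc *ndlc)
{
    ndlc->work_pending = false;
    if (ndlc->ndev == NULL)                 /* the real driver would touch freed memory here */
        ndlc->stale_uses++;
    else
        ndlc->ndev->frames++;
}

/* Run queued work, as the workqueue would on CPU1. */
static void model_run_pending(struct model_ndlc *ndlc)
{
    if (ndlc->work_pending)
        model_sm_work(ndlc);
}

/* Teardown on CPU0; finish_work_first selects the fixed ordering. */
static void model_remove(struct model_ndlc *ndlc, bool finish_work_first)
{
    if (finish_work_first)
        model_run_pending(ndlc);            /* finish the work before cleanup */
    free(ndlc->ndev);
    ndlc->ndev = NULL;                      /* NULL marks "freed" so the model counts, not crashes */
}

/* Returns how often the work ran against a freed device, or -1 if allocation failed. */
int simulate(bool finish_work_first)
{
    struct model_ndlc ndlc = { .ndev = calloc(1, sizeof(struct model_ndev)) };
    if (ndlc.ndev == NULL)
        return -1;
    ndlc.work_pending = true;               /* receive path or timeout scheduled the work */
    model_remove(&ndlc, finish_work_first); /* driver removal */
    model_run_pending(&ndlc);               /* work that was still queued now runs */
    return ndlc.stale_uses;
}

int main(void) { return simulate(false) == 1 && simulate(true) == 0 ? 0 : 1; }
```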