CVE-2023-53298
nfc: fix memory leak of se_io context in nfc_genl_se_io
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of se_io context in nfc_genl_se_io The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfc_genl_se_io and supposed to be eventually freed in se_io_cb callback function. However, there are several error paths where the bwi_timer is not charged to call se_io_cb later, and the cb_context is leaked. The patch proposes to free the cb_context explicitly on those error paths. At the moment we can't simply check 'dev->ops->se_io()' return value as it may be negative in both cases: when the timer was charged and was not.
INFO
Published Date :
Sept. 16, 2025, 8:11 a.m.
Last Modified :
Sept. 16, 2025, 8:11 a.m.
Remotely Exploit :
No
Source :
Linux
Affected Products
The following products are affected by CVE-2023-53298
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Apply the patch to fix the memory leak.
- Ensure context is freed on error paths.
- Free cb_context explicitly on error paths.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-53298 vulnerability anywhere in the article.