CVE-2023-53298
Published: Sep 16, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of se_io context in nfc_genl_se_io The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfc_genl_se_io and supposed to be eventually freed in se_io_cb callback function. However, there are several error paths where the bwi_timer is not charged to call se_io_cb later, and the cb_context is leaked. The patch proposes to free the cb_context explicitly on those error paths. At the moment we can't simply check 'dev->ops->se_io()' return value as it may be negative in both cases: when the timer was charged and was not.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 5ce3f32b5264b337bfd13a780452a17705307725 - < 5321da6d84b87a34eea441677d649c34bd854169affected 5ce3f32b5264b337bfd13a780452a17705307725 - < af452e35b9e6a87cd49e54a7a3d60d934b194651affected 5ce3f32b5264b337bfd13a780452a17705307725 - < 271eed1736426103335c5aac50f15b0f4d236bc0affected 5ce3f32b5264b337bfd13a780452a17705307725 - < 8978315cb4bf8878c9c8ec05dafd8f7ff539860daffected 5ce3f32b5264b337bfd13a780452a17705307725 - < c494365432dcdc549986f4d9af9eb6190cbdb153+3 more versions |
Linux | Linux | affected 3.13unaffected 0 - < 3.13unaffected 4.14.308 - <= 4.14.*unaffected 4.19.276 - <= 4.19.*unaffected 5.4.235 - <= 5.4.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now