{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23291", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:49.634Z", "dateUpdated": "2026-03-25T10:26:49.634Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:26:49.634Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: properly drop the usb interface reference on disconnect\n\nWhen the device is disconnected from the driver, there is a \"dangling\"\nreference count on the usb interface that was grabbed in the probe\ncallback. Fix this up by properly dropping the reference after we are\ndone with it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nfc/pn533/usb.c"], "versions": [{"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "7398d6570501edc55a50ece820f369ab3c1df2e7", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "7ff14eb070f0efecb2606f8d7aa01b77d188e886", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "00477cab053dc4816b99141d8fcca7a479cfebeb", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74", "status": "affected", "versionType": "git"}, {"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4", "lessThan": "12133a483dfa832241fbbf09321109a0ea8a520e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nfc/pn533/usb.c"], "versions": [{"version": "3.1", "status": "affected"}, {"version": "0", "lessThan": "3.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7398d6570501edc55a50ece820f369ab3c1df2e7"}, {"url": "https://git.kernel.org/stable/c/d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0"}, {"url": "https://git.kernel.org/stable/c/7ff14eb070f0efecb2606f8d7aa01b77d188e886"}, {"url": "https://git.kernel.org/stable/c/00477cab053dc4816b99141d8fcca7a479cfebeb"}, {"url": "https://git.kernel.org/stable/c/4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74"}, {"url": "https://git.kernel.org/stable/c/12133a483dfa832241fbbf09321109a0ea8a520e"}], "title": "nfc: pn533: properly drop the usb interface reference on disconnect", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: properly drop the usb interface reference on disconnect\n\nWhen the device is disconnected from the driver, there is a \"dangling\"\nreference count on the usb interface that was grabbed in the probe\ncallback. Fix this up by properly dropping the reference after we are\ndone with it."}], "id": "CVE-2026-23291", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:24.197", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/00477cab053dc4816b99141d8fcca7a479cfebeb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/12133a483dfa832241fbbf09321109a0ea8a520e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7398d6570501edc55a50ece820f369ab3c1df2e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7ff14eb070f0efecb2606f8d7aa01b77d188e886"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: nfc: pn533: properly drop the usb interface reference on disconnect", "id": "2451186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451186"}, "csaw": false, "cwe": "CWE-911", "details": ["A flaw was found in the Linux kernel's `nfc: pn533` driver. When a device is disconnected, a reference count on the USB interface is not properly dropped, leading to a dangling reference. This resource management issue may lead to system instability or a denial of service (DoS)."], "name": "CVE-2026-23291", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23291\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23291\nhttps://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23291-eae3@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c46ee38620a2aa2b25b16bc9738ace80dbff76a4,7398d6570501edc55a50ece820f369ab3c1df2e7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c46ee38620a2aa2b25b16bc9738ace80dbff76a4,d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c46ee38620a2aa2b25b16bc9738ace80dbff76a4,7ff14eb070f0efecb2606f8d7aa01b77d188e886)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c46ee38620a2aa2b25b16bc9738ace80dbff76a4,00477cab053dc4816b99141d8fcca7a479cfebeb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c46ee38620a2aa2b25b16bc9738ace80dbff76a4,4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c46ee38620a2aa2b25b16bc9738ace80dbff76a4,12133a483dfa832241fbbf09321109a0ea8a520e)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,3.1)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc2,*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T02:29:28.788548+00:00", "value": {"mitigation_remediation": ["Apply an updated Linux kernel that includes the pn533 reference\u2011count fix", "Verify that the kernel\u2019s NFC driver contains the commit that drops the USB interface reference", "If an immediate update is not possible, disable the pn533 NFC device or restrict its access via udev rules"], "summary": {"action": "Patch", "impact": "Denial of Service (kernel crash)"}, "threat_synthesis": {"affected_systems": "The flaw is present in the Linux kernel\u2019s NFC subsystem for the pn533 controller. Any kernel version that has not incorporated the patch that releases the USB interface reference on disconnect remains susceptible. The advisory does not list specific kernel versions, so administrators should confirm whether their running kernel contains the commit that implements the fix.", "description_and_impact": "The vulnerability occurs when the pn533 NFC driver keeps a reference to a USB interface after the device is disconnected, leading to a dangling reference count. This resource management defect, classified as CWE-754, CWE-772, and CWE-911, may allow the kernel to incorrectly handle the interface, potentially causing system instability or a crash.", "risk_and_exploitability": "The EPSS score is below 1\u202f% and the vulnerability is not in CISA\u2019s KEV catalog, indicating a low likelihood of exploitation. No remote or network\u2011based attack vector is described. The issue is triggered when a USB device is removed, so the attack vector is likely a local physical action or a local user with access to the USB bus. Because the flaw involves kernel resource handling, a successful exploitation could potentially cause a denial of service by crashing the kernel, though no exploit has been reported."}}}}, "created": "2026-03-25T21:15:39.373907+00:00", "updated": "2026-03-26T12:17:05.012176+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}