CVE-2022-26490

7.8 HIGH

📋 TL;DR

This CVE describes a buffer overflow vulnerability in the Linux kernel's NFC driver (st21nfca). Attackers can exploit this by sending specially crafted NFC connectivity events with untrusted length parameters, potentially leading to kernel memory corruption. Systems running Linux kernel versions up to 5.16.12 with NFC functionality enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel through version 5.16.12
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if NFC functionality is enabled and the st21nfca driver is loaded. Many systems may not have NFC hardware or the driver loaded by default.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Successful exploitation could lead to kernel memory corruption, local privilege escalation to root, or denial of service through kernel panic/crash.

🟠 Likely Case

Local privilege escalation allowing an unprivileged user to gain root access on the affected system.

🟢 If Mitigated

If proper access controls are in place and NFC functionality is disabled, the attack surface is significantly reduced.

🌐 Internet-Facing: LOW - Exploitation requires local access or NFC proximity; it is not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Requires physical proximity or local access, but could be exploited by malicious insiders or through compromised local accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or physical proximity to NFC hardware. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.16.13 and later

Vendor Advisory: https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.16.13 or later.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable NFC functionality (Linux)

Unload the vulnerable st21nfca NFC driver to prevent exploitation:

sudo rmmod st21nfca

Blacklist NFC driver (Linux)

Prevent the vulnerable driver from loading at boot:

echo 'blacklist st21nfca' | sudo tee /etc/modprobe.d/blacklist-st21nfca.conf

🧯 If You Can't Patch

  • Disable NFC hardware in BIOS/UEFI if not required
  • Implement strict access controls to limit local user privileges

🔍 How to Verify

Check if Vulnerable:

Check if st21nfca driver is loaded: lsmod | grep st21nfca

Check Version:

uname -r

Verify Fix Applied:

Check kernel version: uname -r should be 5.16.13 or higher
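
The checks above and the blacklist workaround combined into one triage script, as an added example that is not part of the original advisory. The function names and verdict strings are assumptions; only upstream version numbers are compared, so a distribution kernel that backports the fix under an older version string still reports as unpatched and needs the vendor's advisory to confirm.

```shell
#!/bin/sh
# Added example: triage for CVE-2022-26490 built from this page's checks.
# Fixed upstream release per this page: 5.16.13.

# Exit 0 if kernel release $1 is >= 5.16.13, 1 if older, 2 if unparsable.
# Only the leading dotted numbers are compared ("5.15.0-91-generic" -> 5.15.0).
kernel_is_patched() {
    ver=${1%%[!0-9.]*}
    [ -n "$ver" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $ver 0 0            # split on dots, pad missing fields with 0
    IFS=$old_ifs
    [ "$1" -gt 5 ] && return 0
    [ "$1" -lt 5 ] && return 1
    [ "$2" -gt 16 ] && return 0
    [ "$2" -lt 16 ] && return 1
    [ "$3" -ge 13 ]
}

# Exit 0 if file $1 (lsmod or /proc/modules format) lists a module whose name
# starts with st21nfca. Anchoring at line start skips the "used by" column.
driver_in_list() {
    grep -qs '^st21nfca' "$1"
}

# Exit 0 if any *.conf in directory $1 carries a blacklist line for the driver.
driver_blacklisted() {
    grep -qsE '^[[:space:]]*blacklist[[:space:]]+st21nfca' "$1"/*.conf
}

# Print one verdict for: $1 kernel release, $2 module list file, $3 modprobe.d dir.
report() {
    if kernel_is_patched "$1"; then
        echo "patched"
    elif driver_in_list "$2"; then
        echo "unpatched, driver loaded"
    elif driver_blacklisted "$3"; then
        echo "unpatched, driver blacklisted"
    else
        echo "unpatched, driver not loaded"
    fi
}

report "$(uname -r)" /proc/modules /etc/modprobe.d
```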

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer messages related to NFC
  • System crashes after NFC events

Network Indicators:

  • Unusual NFC communication patterns

SIEM Query:

source="kernel" AND ("st21nfca" OR "NFC" OR "buffer overflow")
