CVE-2022-49923
📋 TL;DR
A memory leak vulnerability in the Linux kernel's NFC driver for NXP NCI chips allows attackers to cause denial of service through resource exhaustion. The vulnerability affects Linux systems with NXP NFC hardware support enabled. Attackers with local access can trigger the memory leak by sending specific NFC commands.
💻 Affected Systems
- Linux kernel with NXP NCI NFC driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could exhaust kernel memory, leading to system instability, crashes, or denial of service requiring reboot.
Likely Case
Local attackers cause gradual memory consumption, potentially degrading system performance over time until reboot is required.
If Mitigated
With proper access controls, only authorized users can trigger the vulnerability, limiting impact to specific services.
🎯 Exploit Status
Exploitation requires local access and ability to send NFC commands through the vulnerable driver interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 3cba1f061bfe, 3ecf0f422702, 7bf1ed6aff0f, 9ae2c9a91ff0
Vendor Advisory: https://git.kernel.org/stable/c/3cba1f061bfe23fece2841129ca2862cdec29d5c
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable NXP NFC driver
linuxPrevent loading of the vulnerable nxp-nci driver if NFC functionality is not required
echo 'blacklist nxp_nci' >> /etc/modprobe.d/blacklist-nxp-nci.conf
rmmod nxp_nci
🧯 If You Can't Patch
- Restrict local user access to systems with NFC hardware
- Monitor kernel memory usage for unusual patterns indicating memory leaks
🔍 How to Verify
Check if Vulnerable:
Check if nxp_nci module is loaded: lsmod | grep nxp_nci. Check kernel version against distribution security advisories.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Check dmesg for nxp_nci driver loading without errors.📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages
- Increasing memory usage by kernel processes
- nxp_nci driver error messages
Network Indicators:
- N/A - local vulnerability only
SIEM Query:
source="kernel" AND ("Out of memory" OR "nxp_nci" OR "skbuff")