CVE-2023-53106 – A use-after-free vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2023-53106?

CVE-2023-53106 has a CVSS score of 7.8 (HIGH). A use-after-free vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem allows attackers to potentially execute arbitrary code or crash the system. This affects systems using STMicroelectronics NFC controllers with I2C or SPI interfaces. The vulnerability occurs during driver removal when a race condition allows freed memory to be accessed.

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem allows attackers to potentially execute arbitrary code or crash the system. This affects systems using STMicroelectronics NFC controllers with I2C or SPI interfaces. The vulnerability occurs during driver removal when a race condition allows freed memory to be accessed.

💻 Affected Systems

Products:

Linux kernel with STMicroelectronics NFC driver (st-nci)

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if the st-nci NFC driver is loaded and STMicroelectronics NFC hardware is present. Most systems don't have this hardware by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel mode, allowing complete system compromise and arbitrary code execution with kernel privileges.

🟠

Likely Case

Kernel panic or system crash leading to denial of service, potentially requiring physical reboot.

🟢

If Mitigated

No impact if the vulnerable driver is not loaded or NFC hardware is not present.

🌐 Internet-Facing: LOW - Requires local access to the system, not remotely exploitable over network.

🏢 Internal Only: MEDIUM - Requires local access but could be exploited by malicious users or malware with local execution capabilities.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger driver removal while work queue is active. Race condition exploitation can be challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable releases with commits: 2156490c4b7c, 3405eb641daf, 43aa468df246, 5000fe6c2782, 5e331022b448

Vendor Advisory: https://git.kernel.org/stable/c/2156490c4b7cacda9a18ec99929940b8376dc0e3

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable NFC driver module

linux

Prevent loading of the vulnerable st-nci driver module

echo 'blacklist st_nci' | sudo tee /etc/modprobe.d/blacklist-st-nci.conf
sudo rmmod st_nci

Remove NFC hardware

all

Physically remove STMicroelectronics NFC hardware if present

🧯 If You Can't Patch

Restrict physical access to systems with vulnerable NFC hardware
Implement strict user privilege controls to limit who can load/unload kernel modules

🔍 How to Verify

Check if Vulnerable:

Check if st_nci module is loaded: lsmod | grep st_nci. If loaded and kernel version is before fix commits, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits: grep -q '2156490c4b7c\|3405eb641daf\|43aa468df246\|5000fe6c2782\|5e331022b448' /proc/version_signature

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages mentioning st_nci, ndlc, or use-after-free
System crashes/panics during NFC operations

SIEM Query:

source="kernel" AND ("st_nci" OR "ndlc" OR "use-after-free")

📊 Metadata

CVE ID: CVE-2023-53106

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.02% exploit probability (5.9th percentile)

Published: May 2, 2025

Last Updated: November 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53106, you might also want to check these: