CVE-2026-23150
📋 TL;DR
This is a memory leak vulnerability in the Linux kernel's NFC LLCP subsystem where nfc_llcp_send_ui_frame() fails to properly synchronize with local_cleanup(), causing sk_buff allocations to be queued after the local structure has been destroyed. This affects systems using NFC functionality in the Linux kernel, potentially leading to resource exhaustion over time.
💻 Affected Systems
- Linux kernel
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel crashes.
Likely Case
Memory leaks accumulate over time during normal NFC operations, gradually degrading system performance until resource exhaustion occurs.
If Mitigated
With proper patching, no impact as the synchronization issue is resolved.
🎯 Exploit Status
Exploitation requires triggering specific NFC operations and timing conditions. Memory leaks are gradual rather than immediate.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes: 165c34fb6068ff153e3fc99a932a80a9d5755709, 3098e5c8af0f4c8f7eebbb370798df8aa2e12ba5, 61858cbce6ca4bef9ed116c689a4be9520841339, 65e976e1f474ae3bf5681d7abafb8f3fdb34b8cc, 6734ff1ac6beba1d0c22dc9a3dc1849b773b511f
Vendor Advisory: https://git.kernel.org/stable/c/165c34fb6068ff153e3fc99a932a80a9d5755709
Restart Required: Yes
Instructions:
1. Identify current kernel version. 2. Apply appropriate kernel patch from provided git commits. 3. Rebuild kernel if using custom build. 4. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable NFC functionality
allRemove NFC kernel module support to prevent vulnerability exploitation
modprobe -r nfc
echo 'blacklist nfc' >> /etc/modprobe.d/blacklist-nfc.conf
🧯 If You Can't Patch
- Disable NFC hardware at BIOS/UEFI level if available
- Monitor system memory usage for unusual increases and restart affected services
🔍 How to Verify
Check if Vulnerable:
Check if NFC modules are loaded: lsmod | grep -i nfc && check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits and test NFC functionality while monitoring for memory leaks📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'llcp: nfc_llcp_send_ui_frame: Could not allocate PDU'
- Memory leak warnings in dmesg or /var/log/kern.log
Network Indicators:
- N/A - This is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("nfc_llcp_send_ui_frame" OR "memory leak" OR "kmemleak")🔗 References
- https://git.kernel.org/stable/c/165c34fb6068ff153e3fc99a932a80a9d5755709
- https://git.kernel.org/stable/c/3098e5c8af0f4c8f7eebbb370798df8aa2e12ba5
- https://git.kernel.org/stable/c/61858cbce6ca4bef9ed116c689a4be9520841339
- https://git.kernel.org/stable/c/65e976e1f474ae3bf5681d7abafb8f3fdb34b8cc
- https://git.kernel.org/stable/c/6734ff1ac6beba1d0c22dc9a3dc1849b773b511f
- https://git.kernel.org/stable/c/ab660cb8e17aa93426d1e821c2cce60e4b9bc56a
- https://git.kernel.org/stable/c/f8d002626d434f5fea9085e2557711c16a15cec6
