CVE-2026-23167

N/A Unknown

📋 TL;DR

A race condition vulnerability in the Linux kernel's NFC subsystem allows use-after-free conditions when rfkill operations occur during device unregistration. This can lead to kernel crashes or potential privilege escalation. Systems using NFC functionality in the Linux kernel are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available for multiple stable branches
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with NFC functionality enabled and in use

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

  • 🔴 Worst Case: Kernel panic leading to system crash or potential privilege escalation to kernel mode
  • 🟠 Likely Case: Kernel crash or system instability when NFC devices are being unregistered
  • 🟢 If Mitigated: Minor system instability that requires reboot

🌐 Internet-Facing: LOW - Requires local access to trigger via NFC device operations
🏢 Internal Only: MEDIUM - Local users or processes with NFC device access could trigger crashes

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires race condition timing and access to NFC device operations

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes (see references)

Vendor Advisory: https://git.kernel.org/stable/c/126cd30cad37bc7c2c85fe2df2a522d4edf0a5c5

Restart Required: Yes

Instructions:

  1. Update Linux kernel to patched version
  2. Reboot system
  3. Verify kernel version matches patched release

🔧 Temporary Workarounds

Disable NFC functionality

all

Remove or disable NFC hardware and kernel modules

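modprobe -r nci
modprobe -r nfc
# Keep the modules from auto-loading: one blacklist entry per line (the file name is an example)
printf 'blacklist nci\nblacklist nfc\n' > /etc/modprobe.d/blacklist-nfc.conf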

🧯 If You Can't Patch

  • Restrict access to NFC devices to trusted users only
  • Monitor system logs for kernel crashes related to NFC operations

🔍 How to Verify

Check if Vulnerable:

Check if NFC modules are loaded: lsmod | grep -E 'nci|nfc'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched releases in git.kernel.org references
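
The `lsmod | grep` check above matches substrings, so it also hits unrelated module names and the "Used by" column. The script below is an added example, not part of the original advisory: it matches `nci` and `nfc` exactly, lists the modules holding them, and checks whether the blacklist workaround is in place. The function names are hypothetical, and the default paths `/proc/modules` and `/etc/modprobe.d` are assumptions about a standard layout.

```shell
#!/bin/sh
# Added example (not from the advisory): report NFC exposure for the workaround.
# Inputs are parameters so the logic can be exercised on constructed files.

# module_state NAME [MODFILE]
# Exact-match NAME against field 1 of /proc/modules format and print
# "loaded users=<holders>" or "absent". Field 4 lists the modules that depend
# on NAME; while it is not "-", `modprobe -r NAME` is refused.
module_state() {
    awk -v m="$1" '
        $1 == m { sub(/,$/, "", $4); print "loaded users=" $4; found = 1 }
        END     { if (!found) print "absent" }
    ' "${2:-/proc/modules}"
}

# is_blacklisted NAME [CONFDIR]
# True when a modprobe.d *.conf file has an uncommented "blacklist NAME" line.
is_blacklisted() {
    grep -Eqs "^[[:space:]]*blacklist[[:space:]]+${1}[[:space:]]*\$" \
        "${2:-/etc/modprobe.d}"/*.conf
}

# nfc_exposure [MODFILE] [CONFDIR]
# One line per module named in the workaround: nci, nfc.
nfc_exposure() {
    for m in nci nfc; do
        if is_blacklisted "$m" "${2:-/etc/modprobe.d}"; then b=yes; else b=no; fi
        echo "$m: $(module_state "$m" "${1:-/proc/modules}") blacklisted=$b"
    done
}

# Run against the live system only when asked, e.g.: sh nfc_check.sh --live
if [ "${1:-}" = "--live" ]; then nfc_exposure; fi
```

A module reported as `loaded` with `users=` other than `-` has to have those holders unloaded first before the `modprobe -r` workaround can succeed.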

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • WARNING: kernel/locking/lockdep.c errors
  • NFC-related crash dumps

Network Indicators:

  • None - local vulnerability

SIEM Query:

search 'kernel panic' OR 'lockdep' OR 'nci' OR 'nfc' in system logs

🔗 References
