SB2025050255 - Memory leak in Linux kernel nfc nxp-nci driver
Published: May 2, 2025 Updated: May 10, 2025
Security Bulletin ID
SB2025050255
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2022-49923)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nxp_nci_send() function in drivers/nfc/nxp-nci/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3cba1f061bfe23fece2841129ca2862cdec29d5c
- https://git.kernel.org/stable/c/3ecf0f4227029b2c42e036b10ff6e5d09e20821e
- https://git.kernel.org/stable/c/7bf1ed6aff0f70434bd0cdd45495e83f1dffb551
- https://git.kernel.org/stable/c/9ae2c9a91ff068f4c3e392f47e8e26a1c9f85ebb
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.154