Linux Kernel NFC Subsystem Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's NFC subsystem, specifically in the netlink secure element (SE) API implementation. In the 'nfc_genl_se_io' function, a callback context is allocated for sending APDUs (application protocol data units) to the selected secure element and receiving the responses. This context is intended to be freed later by the 'se_io_cb' callback function. However, several error paths prevent the 'bwi_timer' from being armed to invoke 'se_io_cb', so the callback context is never freed and leaks. The vulnerability affects the Linux kernel stable tree.

Impact

Triggering this vulnerability leaks kernel memory; repeated triggering increases memory usage and can degrade system performance over time.

Reproduction

The vulnerability can be reproduced by invoking the 'nfc_genl_se_io' function in a scenario where the 'bwi_timer' is not armed, such as when an error occurs that prevents the timer from being set. Simulating the conditions that trigger these error paths causes the callback context to be allocated but never freed, producing the memory leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patch is included in the commit referenced by the CVE.
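To illustrate the ownership problem described in the Vulnerability and Remediation sections, here is an added, simplified C model (not the kernel's code): a context is allocated for an asynchronous completion callback, the leaky variant abandons it whenever the dispatch fails, and the fixed variant frees it on every path where the callback can no longer run. The names 'se_io_ctx', 'dispatch()', the negative device index error condition and the sample APDU are constructed stand-ins, not identifiers from the kernel.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the bug pattern, not kernel code: live_contexts
 * counts allocations not yet freed, so a leak is observable in a test. */
static int live_contexts = 0;
struct se_io_ctx { int dev_idx; size_t len; unsigned char apdu[16]; };

static struct se_io_ctx *ctx_alloc(void) {
    struct se_io_ctx *c = calloc(1, sizeof *c);
    if (c) live_contexts++;
    return c;
}
static void ctx_free(struct se_io_ctx *c) { if (c) { live_contexts--; free(c); } }
/* Stand-in for the completion callback (se_io_cb): it owns the context and
 * is the only normal place where the context is released. */
static void se_io_cb(struct se_io_ctx *c) { ctx_free(c); }
/* Stand-in for arming the timer and handing the APDU to the secure element.
 * Hypothetical error condition: a negative device index. The callback is
 * guaranteed to run only when this returns 0. */
static int dispatch(struct se_io_ctx *c) {
    if (c->dev_idx < 0) return -1;
    se_io_cb(c);
    return 0;
}
/* Leaky variant: ownership is handed to the callback unconditionally, so an
 * error return from dispatch() leaves the context allocated forever. */
int se_io_leaky(int dev_idx, const unsigned char *apdu, size_t len) {
    struct se_io_ctx *c;
    if (len > sizeof c->apdu) return -22;
    if (!(c = ctx_alloc())) return -12;
    c->dev_idx = dev_idx; c->len = len; memcpy(c->apdu, apdu, len);
    return dispatch(c);
}
/* Fixed variant: where the callback can no longer run, the caller still owns
 * the context and must free it before returning the error. Never free it on
 * a path where the callback may still fire, or the fix becomes a double free. */
int se_io_fixed(int dev_idx, const unsigned char *apdu, size_t len) {
    struct se_io_ctx *c;
    if (len > sizeof c->apdu) return -22;
    if (!(c = ctx_alloc())) return -12;
    c->dev_idx = dev_idx; c->len = len; memcpy(c->apdu, apdu, len);
    int rc = dispatch(c);
    if (rc < 0) ctx_free(c);
    return rc;
}
int outstanding_contexts(void) { return live_contexts; }
/* Constructed sample APDU (a SELECT command header), used by the test. */
const unsigned char SAMPLE_APDU[4] = { 0x00, 0xA4, 0x04, 0x00 };
```

Counting outstanding contexts after each call is the same check a kmemleak report or a slab-usage graph gives on a real system: one failed call through the leaky path leaves one context behind, while the fixed path leaves none.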

Added: Sep 16, 2025, 4:51 PM
Updated: Sep 16, 2025, 4:51 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.