Linux Kernel NFC PN533 USB Interface Reference Count Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's NFC PN533 device driver, specifically in the handling of USB interface references. When a device is disconnected, the driver fails to properly release the reference count on the USB interface, leading to a dangling reference. This issue has been addressed by ensuring the reference is correctly dropped after it is no longer needed.

Impact

The vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Reproduction

To reproduce this vulnerability, connect a device that uses the NXP PN533 NFC driver via USB. Once the device is connected, the driver will increment the reference count on the USB interface. When the device is disconnected, the driver will not decrement the reference count, leaving a dangling reference. This can be observed by monitoring the reference count of the USB interface before and after disconnection.
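The before/after observation described above can be modeled in user space. This is an added example, not code from the kernel or the PN533 driver: every name in it is hypothetical, and the `fixed` flag stands in for the patched disconnect path. In the kernel, the USB core's helpers for this get/put pair are usb_get_intf() and usb_put_intf().

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed user-space model; all names here are hypothetical. */
struct intf { int refs; int *released; };
static struct intf *intf_get(struct intf *i) { i->refs++; return i; }

static void intf_put(struct intf *i)
{
    if (--i->refs == 0) { *i->released = 1; free(i); }  /* last reference */
}

struct drv { struct intf *intf; };

/* Probe: the driver keeps a pointer to the interface and pins it. */
static struct drv *drv_probe(struct intf *i)
{
    struct drv *d = malloc(sizeof(*d));
    if (!d) abort();
    d->intf = intf_get(i);
    return d;
}

/* Disconnect: fixed=0 models the missing put, fixed=1 the corrected path. */
static void drv_disconnect(struct drv *d, int fixed)
{
    if (fixed)
        intf_put(d->intf);
    free(d);
}

/* Returns the reference count left behind after unplug (0 = released). */
static int refs_after_unplug(int fixed)
{
    int released = 0, left = 0;
    struct intf *i = malloc(sizeof(*i));
    if (!i) abort();
    i->refs = 1;                /* reference held by the bus core */
    i->released = &released;
    drv_disconnect(drv_probe(i), fixed);
    intf_put(i);                /* core drops its own reference */
    if (!released) { left = i->refs; free(i); }  /* model cleanup only */
    return left;
}

int main(void)
{
    printf("buggy: %d left, fixed: %d left\n", refs_after_unplug(0), refs_after_unplug(1));
    return 0;
}
```

With the put missing, the count stays at 1 after the core drops its own reference, so the interface object is never released; with the put in place it reaches 0.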

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Mar 25, 2026, 1:20 PM
Updated: Mar 25, 2026, 1:20 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 7.5
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.