Linux Kernel NFC NCI Data Exchange Completion Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's NFC NCI subsystem. When a device is closed, any pending data exchanges are not properly completed, leading to a socket reference leak. This issue was observed in the data exchange callback, which holds a socket reference. The leak can be triggered under certain conditions, causing unreferenced objects to remain in memory.

Impact

The vulnerability leads to a memory leak, where socket references are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by initiating a data exchange transaction over NFC NCI, and then closing the device without completing the exchange. This can be done by manually triggering the nci_close_device function in the NFC NCI core, while there are still pending data exchanges.
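
The reference leak described above, modeled in userspace C as an added example (not kernel code and not the actual kernel fix). All names are hypothetical, and the completing close assumes the remedy is to run the pending exchange callback with an error when the device is closed.

```c
/* Userspace model of the leak; every identifier here is hypothetical. */
#include <errno.h>
#include <stddef.h>

struct model_sock { int refcnt; int last_err; };
typedef void (*exchange_cb_t)(void *ctx, int err);
/* cb: pending data exchange callback; cb_ctx: the socket whose reference it owns. */
struct model_dev { exchange_cb_t cb; void *cb_ctx; };

/* Completion callback: records the result and drops the reference taken at start. */
static void model_exchange_done(void *ctx, int err)
{
    struct model_sock *sk = ctx;
    sk->last_err = err;
    sk->refcnt--;
}

/* Start an exchange: take a socket reference that only the callback releases. */
static void model_start_exchange(struct model_dev *dev, struct model_sock *sk)
{
    sk->refcnt++;
    dev->cb = model_exchange_done;
    dev->cb_ctx = sk;
}

/* Leaky close: forgets the pending exchange, so the callback never runs. */
static void model_close_leaky(struct model_dev *dev)
{
    dev->cb = NULL; dev->cb_ctx = NULL;
}

/* Completing close: fails the pending exchange so its reference is released. */
static void model_close_completing(struct model_dev *dev)
{
    exchange_cb_t cb = dev->cb;
    void *ctx = dev->cb_ctx;
    dev->cb = NULL; dev->cb_ctx = NULL; /* clear first so it cannot run twice */
    if (cb)
        cb(ctx, -ENODEV);
}

/* Returns the socket refcount left after start-exchange followed by close. */
int model_refs_after_close(int completing)
{
    struct model_sock sk = { 1, 0 };   /* one reference held by the owner */
    struct model_dev dev = { NULL, NULL };
    model_start_exchange(&dev, &sk);
    if (completing) model_close_completing(&dev); else model_close_leaky(&dev);
    return sk.refcnt;
}

int main(void) { return !(model_refs_after_close(0) == 2 && model_refs_after_close(1) == 1); }
```

A count of 2 after the leaky close means the owner's final put can never bring the socket to zero, which is the leaked object; the completing close returns the count to 1.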

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Mar 25, 2026, 12:35 PM
Updated: Mar 25, 2026, 12:35 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.