Linux Kernel NFC Raw Socket Transmission Synchronization Vulnerability

Vulnerability

A vulnerability in the Linux kernel's NFC raw socket implementation can lead to use-after-free errors or leaked references. In kernel versions prior to the patch, the issue arises when a raw socket is released: the transmission work can race with the teardown of the socket and its associated device, especially if the process is terminated abruptly. The cause is a lack of proper synchronization, which allows the transmission work to continue after the device has been freed.
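The ordering problem described above can be seen in a small deterministic user-space model. This is an added example, not kernel code and not the upstream patch; every name in it is hypothetical, and a `freed` flag stands in for the real free so the stale access is counted rather than performed.

```c
#include <stdbool.h>

/* Constructed user-space model of the race; all names are hypothetical
 * and this is not kernel code. "freed" stands in for the real free so a
 * stale access can be counted instead of corrupting memory. */
struct dev  { int refs; bool freed; int stale_uses; };
struct sock { struct dev *dev; bool tx_queued; bool shutdown; };

static void dev_put(struct dev *d) { if (--d->refs == 0) d->freed = true; }

/* Send path: queue deferred tx work unless the socket is shutting down. */
static bool sock_queue_tx(struct sock *s)
{
    if (s->shutdown) return false;
    s->tx_queued = true;
    return true;
}

/* Deferred tx work: borrows the socket's device pointer when it runs. */
static void tx_work_run(struct sock *s)
{
    if (!s->tx_queued) return;
    s->tx_queued = false;
    if (s->dev->freed) s->dev->stale_uses++;  /* would be a use-after-free */
}

/* Release without synchronization: device dropped while work is queued. */
static void release_unsynced(struct sock *s) { dev_put(s->dev); }

/* Release with synchronization: stop sends, cancel work, then drop device. */
static void release_synced(struct sock *s)
{
    s->shutdown = true;      /* no new tx work can be queued */
    s->tx_queued = false;    /* models cancelling / waiting for the work */
    dev_put(s->dev);
}

/* Queue tx, release (as on abrupt termination), then let the worker run.
 * Returns the number of accesses to the already-freed device. */
static int scenario(bool synced)
{
    struct dev d = { .refs = 1 };
    struct sock s = { .dev = &d };
    sock_queue_tx(&s);
    if (synced) release_synced(&s); else release_unsynced(&s);
    sock_queue_tx(&s);       /* late send arriving after release */
    tx_work_run(&s);
    return d.stale_uses;
}

int main(void) { return !(scenario(false) == 1 && scenario(true) == 0); }
```

The model is single-threaded on purpose: it fixes the interleaving that the race makes possible, so the difference between the two release orderings is reproducible.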

Impact

The vulnerability can cause use-after-free errors or leaked references, which can lead to memory corruption or other unintended behavior in the kernel.

Reproduction

To reproduce this vulnerability, create a raw NFC socket and establish a connection. While the socket is in use, send a SIGKILL signal to the process holding the socket. This will trigger the socket's release process without proper synchronization, allowing the transmission work to access freed memory or create dangling references.

Remediation

Users should upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Mar 25, 2026, 11:51 AM
Updated: Mar 25, 2026, 11:51 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.