SB20250916278 - Information disclosure in Linux kernel nfc
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB20250916278
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2023-53298)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the nfc_se_io() function in net/nfc/netlink.c. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/25ff6f8a5a3b8dc48e8abda6f013e8cc4b14ffea
- https://git.kernel.org/stable/c/271eed1736426103335c5aac50f15b0f4d236bc0
- https://git.kernel.org/stable/c/5321da6d84b87a34eea441677d649c34bd854169
- https://git.kernel.org/stable/c/8978315cb4bf8878c9c8ec05dafd8f7ff539860d
- https://git.kernel.org/stable/c/af452e35b9e6a87cd49e54a7a3d60d934b194651
- https://git.kernel.org/stable/c/b2036a252381949d3b743a3de069324ae3028a57
- https://git.kernel.org/stable/c/ba98db08895748c12e5ded52cd1598dce2c79e55
- https://git.kernel.org/stable/c/c494365432dcdc549986f4d9af9eb6190cbdb153
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.100