A flaw was found in the Linux kernel. Similar to the CVE-2021-35373, the nci_request() function in NFC NCI code also suffers from a data race. This race will allow __nci_request() to be awaken while the device is getting removed and cause UAF. The attacker can spray the released object to gain powerful primitive. Upstream commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86cdf8e38792545161dbe3350a7eced558ba4d15 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=48b71a9e66c2eab60564b1b1c85f4928ed04e406 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e3b5dfcd16a3e254aab61bd1e8c417dd4503102 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=aedddb4e45b34426cfbfa84454b6f203712733c5
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.
Managed Services not affected.