CVE-2023-53106

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 02/05/2025
Last modified: 10/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition

This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example.

In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work with llt_ndlc_sm_work.

When it calls ndlc_recv or timeout handler, it will finally call schedule_work to start the work.

When we call st_nci_i2c_remove to remove the driver, there may be a sequence as follows:

Fix it by finishing the work before cleanup in ndlc_remove

    CPU0                 CPU1

                        |llt_ndlc_sm_work
    st_nci_i2c_remove   |
    ndlc_remove         |
    st_nci_remove       |
    nci_free_device     |
    kfree(ndev)         |
    //free ndlc->ndev   |
                        |llt_ndlc_rcv_queue
                        |nci_recv_frame
                        |//use ndlc->ndev
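The teardown ordering described above, replayed as a single-threaded user-space model in C. This is an added example, not the kernel patch or driver code; the model_* names, the alive flag and replay_remove_race are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed user-space model: names echo the advisory, nothing here is kernel code. */
struct model_ndev { bool alive; int frames; };
struct model_ndlc {
    struct model_ndev *ndev;
    bool work_pending;   /* stands in for sm_work that was scheduled but has not finished */
    int stale_accesses;  /* uses of ndev after release; in the kernel, the use after free */
};

/* Models llt_ndlc_sm_work -> llt_ndlc_rcv_queue -> nci_recv_frame touching ndlc->ndev. */
static void model_sm_work(struct model_ndlc *ndlc)
{
    ndlc->work_pending = false;
    if (ndlc->ndev->alive)
        ndlc->ndev->frames++;
    else
        ndlc->stale_accesses++;
}

/* Models the work queue getting CPU time: runs the handler only if work is outstanding. */
static void model_run_pending(struct model_ndlc *ndlc)
{
    if (ndlc->work_pending) model_sm_work(ndlc);
}

/* Models ndlc_remove. The device is marked dead rather than freed so late use is observable. */
static void model_ndlc_remove(struct model_ndlc *ndlc, bool finish_work_first)
{
    if (finish_work_first)
        model_run_pending(ndlc);  /* finish the work before cleanup */
    ndlc->ndev->alive = false;    /* stands in for nci_free_device / kfree(ndev) */
}

/* Replays the advisory's CPU0/CPU1 sequence on one thread; returns the stale access count. */
int replay_remove_race(bool finish_work_first)
{
    struct model_ndev ndev = { .alive = true, .frames = 0 };
    struct model_ndlc ndlc = { .ndev = &ndev, .work_pending = true }; /* CPU1: work started */
    model_ndlc_remove(&ndlc, finish_work_first);                      /* CPU0: driver removal */
    model_run_pending(&ndlc);                                         /* CPU1: rest of the work */
    return ndlc.stale_accesses;
}

int main(void)
{
    printf("cleanup first: %d, work first: %d\n", replay_remove_race(false), replay_remove_race(true));
    return 0;
}
```

In a real driver the "finish the work" step is a call such as cancel_work_sync() on the work item, made before the object the handler uses is released.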

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    3.17 (including)   4.14.311 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    4.15 (including)   4.19.279 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    4.20 (including)   5.4.238 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.5 (including)    5.10.176 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.11 (including)   5.15.104 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.16 (including)   6.1.21 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.2 (including)    6.2.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*