📄 Description (English)
In the Linux kernel, the following vulnerability has been resolved:
nfc: hci: shdlc: Stop timers and work before freeing context
llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc
structure while its timers and state machine work may still be active.
Timer callbacks can schedule sm_work, and sm_work accesses SHDLC state
and the skb queues. If teardown happens in parallel with a queued/running
work item, it can lead to UAF and other shutdown races.
Stop all SHDLC timers and cancel sm_work synchronously before purging the
queues and freeing the context.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
🤖 AI Executive Summary
CVE-2026-46267 is a use-after-free (UAF) vulnerability in the Linux kernel's NFC HCI SHDLC subsystem where timers and work items are not properly stopped before freeing context structures. This can lead to memory corruption and potential code execution when NFC devices are disconnected while operations are in progress. The vulnerability affects systems with NFC hardware support, particularly those using SHDLC protocol implementations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 10, 2026 00:29
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations using NFC-enabled systems in payment processing, access control, and IoT deployments. High-risk sectors include: (1) Banking/SAMA-regulated institutions using NFC for contactless payments and card readers; (2) Government agencies (NCA, MOI) deploying NFC for ID verification and access systems; (3) Healthcare facilities using NFC for patient identification and medical device tracking; (4) Telecommunications providers (STC, Mobily) offering NFC services; (5) Retail and hospitality sectors with NFC point-of-sale systems. The UAF vulnerability could allow local privilege escalation or denial of service on affected systems.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare
Telecommunications
Retail and E-commerce
Transportation and Logistics
Hospitality
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify systems running Linux kernel with NFC HCI SHDLC support using 'lsmod | grep nfc' and 'uname -r'
2. Check if NFC hardware is actively used; if not, disable NFC module: 'modprobe -r nfc_hci' and 'modprobe -r nfc'
3. Isolate affected systems from untrusted NFC proximity until patched
Patching Guidance:
1. Apply Linux kernel security updates from your distribution (RHEL, Ubuntu, SLES, etc.) that include the SHDLC timer/work cancellation fix
2. Verify patch includes synchronous cancellation of sm_work before queue purging
3. Reboot systems after kernel update
4. Validate NFC functionality post-patch if NFC services are required
Compensating Controls (if immediate patching unavailable):
1. Disable NFC kernel modules if not operationally required
2. Implement strict physical access controls to NFC-enabled devices
3. Monitor kernel logs for NFC-related errors: 'journalctl -u kernel | grep nfc'
4. Restrict NFC device enumeration via udev rules
Detection Rules:
1. Monitor for kernel UAF warnings: 'dmesg | grep -i "use-after-free\|shdlc\|nfc_hci"'
2. Alert on unexpected NFC device disconnections followed by kernel panics
3. Track NFC module load/unload events in audit logs
4. Monitor for memory corruption indicators in kernel logs
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد الأنظمة التي تعمل بنواة لينكس مع دعم NFC HCI SHDLC باستخدام 'lsmod | grep nfc' و 'uname -r'
2. التحقق من استخدام أجهزة NFC بنشاط؛ إذا لم تكن قيد الاستخدام، قم بتعطيل وحدة NFC: 'modprobe -r nfc_hci' و 'modprobe -r nfc'
3. عزل الأنظمة المتأثرة عن قرب NFC غير الموثوق به حتى يتم إصلاحها
إرشادات التصحيح:
1. تطبيق تحديثات أمان نواة لينكس من توزيعتك (RHEL, Ubuntu, SLES, إلخ) التي تتضمن إصلاح إلغاء المؤقتات/العمل SHDLC
2. التحقق من أن التصحيح يتضمن إلغاء متزامن لـ sm_work قبل تنقية الطابور
3. إعادة تشغيل الأنظمة بعد تحديث النواة
4. التحقق من وظائف NFC بعد التصحيح إذا كانت خدمات NFC مطلوبة
الضوابط البديلة (إذا لم يكن التصحيح الفوري متاحاً):
1. تعطيل وحدات نواة NFC إذا لم تكن مطلوبة تشغيلياً
2. تطبيق ضوابط وصول فيزيائية صارمة على أجهزة NFC
3. مراقبة سجلات النواة لأخطاء NFC: 'journalctl -u kernel | grep nfc'
4. تقييد تعداد أجهزة NFC عبر قواعد udev
قواعد الكشف:
1. مراقبة تحذيرات UAF في النواة: 'dmesg | grep -i "use-after-free\|shdlc\|nfc_hci"'
2. تنبيه عند قطع اتصال أجهزة NFC غير المتوقع متبوعاً بأعطال النواة
3. تتبع أحداث تحميل/تفريغ وحدة NFC في سجلات التدقيق
4. مراقبة مؤشرات تلف الذاكرة في سجلات النواة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.2.1 - Monitoring and logging of access
🔵 SAMA CSF
SAMA CSF ID.BE-1 - Asset management
SAMA CSF PR.DS-6 - Data security and integrity
SAMA CSF DE.CM-1 - Detection processes and tools
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Information and other assets associated with information processing facilities
ISO 27001:2022 A.14.2.1 - Secure development policy and procedures
ISO 27001:2022 A.8.1.1 - Inventory of assets
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates for payment systems using NFC
PCI DSS 11.2 - Vulnerability scanning for NFC-enabled payment terminals
🔗 References & Sources 7
🔗
https://git.kernel.org/stable/c/1cb97b1225450af3f7b728777929ba50c6a58ced
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/276820278e9717cc7d4bb32381892dd3ddf418d4
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/77eef9f2eef045c3c37a3df82d3e661afb866b98
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/a24a676329d40481b2331bfa1418a679577dfd3a
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/c60f41022eaad2a1dafecd3ae6f249a3bd6d4b6e
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/c9efde1e537baed7648a94022b43836a348a074f
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/cf70cedce327833296ebe6043364d1e44b76a2ab
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
📦 Affected Products / CPE 6 entries
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel