CVE-2026-31660

MEDIUM EPSS 1.8%
Published Apr 24, 20262mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 24, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already hand a complete frame to pn533_recv_frame() before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 15

VendorProductVersionRange
linuxlinux_kernel*≥5.5.1  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.169
linuxlinux_kernel*≥6.2  –  <6.6.135
linuxlinux_kernel*≥6.7  –  <6.12.82
linuxlinux_kernel*≥6.13  –  <6.18.23
linuxlinux_kernel*≥6.19  –  <6.19.13
linuxlinux_kernel5.5any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/07cb6c72e66ba548679f22ac29ad588da8999279
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/16649adc2e19509104245ea1f349b629d858f11f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/21ae2cda66a55c759607bbf1d23cbaa42019d2de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2ca64fb7e2d2ae14619dd204d4f2f0a601f421fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7e37da42eda45d7859d9273fc7e225d8df458038
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8b71299d587d9e4c830c18afb884c80ddb30ad28
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9495069b43b8634c1ae0042e888766c34f66637
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c71ba669b570c7b3f86ec875be222ea11dacb352
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/07cb6c72e66ba548679f22ac29ad588da8999279
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/16649adc2e19509104245ea1f349b629d858f11f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/21ae2cda66a55c759607bbf1d23cbaa42019d2de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2ca64fb7e2d2ae14619dd204d4f2f0a601f421fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7e37da42eda45d7859d9273fc7e225d8df458038
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8b71299d587d9e4c830c18afb884c80ddb30ad28
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9495069b43b8634c1ae0042e888766c34f66637
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c71ba669b570c7b3f86ec875be222ea11dacb352
    Patch