CVE-2026-43098
MEDIUM EPSS 2.4%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82_uart_read() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already deliver a complete frame before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥5.11 – <6.6.136 |
| linux | linux_kernel | * | ≥6.7 – <6.12.83 |
| linux | linux_kernel | * | ≥6.13 – <6.18.24 |
| linux | linux_kernel | * | ≥6.19 – <6.19.14 |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
References 7
- git.kernel.org https://git.kernel.org/stable/c/09822d3d6f68a0cdc4626e0c507324a4927f55a9
- git.kernel.org https://git.kernel.org/stable/c/20a57de2e79b797ed75382659d52bf4c7d9cb446
- git.kernel.org https://git.kernel.org/stable/c/5c14a19d5b1645cce1cb1252833d70b23635b632
- git.kernel.org https://git.kernel.org/stable/c/6d931680a9851481c3243689488eafed08eeff71
- git.kernel.org https://git.kernel.org/stable/c/7c31f7a599cf00fad3c204092a91a924126c67e4
- git.kernel.org https://git.kernel.org/stable/c/d8c2aa3c4a1ec530a485e46a1c4f1a118bb00156
- git.kernel.org https://git.kernel.org/stable/c/e4ab0fd1c91882f2a7846b1817781c8741f7f315
Remediation
- git.kernel.org https://git.kernel.org/stable/c/09822d3d6f68a0cdc4626e0c507324a4927f55a9
- git.kernel.org https://git.kernel.org/stable/c/5c14a19d5b1645cce1cb1252833d70b23635b632
- git.kernel.org https://git.kernel.org/stable/c/6d931680a9851481c3243689488eafed08eeff71
- git.kernel.org https://git.kernel.org/stable/c/7c31f7a599cf00fad3c204092a91a924126c67e4
- git.kernel.org https://git.kernel.org/stable/c/d8c2aa3c4a1ec530a485e46a1c4f1a118bb00156