CVE-2026-31660

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: allocate rx skb before consuming bytes

pn532_receive_buf() reports the number of accepted bytes to the serdev
core. The current code consumes bytes into recv_skb and may already hand
a complete frame to pn533_recv_frame() before allocating a fresh receive
buffer.

If that alloc_skb() fails, the callback returns 0 even though it has
already consumed bytes, and it leaves recv_skb as NULL for the next
receive callback. That breaks the receive_buf() accounting contract and
can also lead to a NULL dereference on the next skb_put_u8().

Allocate the receive skb lazily before consuming the next byte instead.
If allocation fails, return the number of bytes already accepted.

Vulnerability Details

Published Date

April 24, 2026

Last Modified

April 24, 2026

Source

NVD

Vendor

Linux

Product

Linux

External References

https://git.kernel.org/stable/c/07cb6c72e66ba548679f22ac29ad588da8999279
https://git.kernel.org/stable/c/16649adc2e19509104245ea1f349b629d858f11f
https://git.kernel.org/stable/c/21ae2cda66a55c759607bbf1d23cbaa42019d2de
https://git.kernel.org/stable/c/2ca64fb7e2d2ae14619dd204d4f2f0a601f421fb
https://git.kernel.org/stable/c/7e37da42eda45d7859d9273fc7e225d8df458038
https://git.kernel.org/stable/c/8b71299d587d9e4c830c18afb884c80ddb30ad28
https://git.kernel.org/stable/c/a9495069b43b8634c1ae0042e888766c34f66637
https://git.kernel.org/stable/c/c71ba669b570c7b3f86ec875be222ea11dacb352

CVE-2026-31660

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment