CVE-2026-31660
Published: Apr 24, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already hand a complete frame to pn533_recv_frame() before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < 2ca64fb7e2d2ae14619dd204d4f2f0a601f421fbaffected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < 8b71299d587d9e4c830c18afb884c80ddb30ad28affected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < 16649adc2e19509104245ea1f349b629d858f11faffected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < 07cb6c72e66ba548679f22ac29ad588da8999279affected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < a9495069b43b8634c1ae0042e888766c34f66637+3 more versions |
Linux | Linux | affected 5.5unaffected 0 - < 5.5unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.169 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now