1. Home
  2. Vulnerabilities
  3. CVE-2026-31660
0.0
NA
CVE-2026-31660
nfc: pn533: allocate rx skb before consuming bytes
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already hand a complete frame to pn533_recv_frame() before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted.

Details
INFO

Published Date :

April 24, 2026, 3:16 p.m.

Last Modified :

April 24, 2026, 3:16 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-31660 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Allocate the receive skb buffer before consuming input bytes to prevent NULL dereference.
  • Apply the kernel patch for the pn533 NFC driver.
  • Allocate rx skb before consuming bytes.
  • Handle allocation failures correctly.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-31660.

URL Resource
https://git.kernel.org/stable/c/07cb6c72e66ba548679f22ac29ad588da8999279
https://git.kernel.org/stable/c/16649adc2e19509104245ea1f349b629d858f11f
https://git.kernel.org/stable/c/21ae2cda66a55c759607bbf1d23cbaa42019d2de
https://git.kernel.org/stable/c/2ca64fb7e2d2ae14619dd204d4f2f0a601f421fb
https://git.kernel.org/stable/c/7e37da42eda45d7859d9273fc7e225d8df458038
https://git.kernel.org/stable/c/8b71299d587d9e4c830c18afb884c80ddb30ad28
https://git.kernel.org/stable/c/a9495069b43b8634c1ae0042e888766c34f66637
https://git.kernel.org/stable/c/c71ba669b570c7b3f86ec875be222ea11dacb352
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-31660 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-31660 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-31660 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-31660 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 24, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already hand a complete frame to pn533_recv_frame() before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted.
    Added Reference https://git.kernel.org/stable/c/07cb6c72e66ba548679f22ac29ad588da8999279
    Added Reference https://git.kernel.org/stable/c/16649adc2e19509104245ea1f349b629d858f11f
    Added Reference https://git.kernel.org/stable/c/21ae2cda66a55c759607bbf1d23cbaa42019d2de
    Added Reference https://git.kernel.org/stable/c/2ca64fb7e2d2ae14619dd204d4f2f0a601f421fb
    Added Reference https://git.kernel.org/stable/c/7e37da42eda45d7859d9273fc7e225d8df458038
    Added Reference https://git.kernel.org/stable/c/8b71299d587d9e4c830c18afb884c80ddb30ad28
    Added Reference https://git.kernel.org/stable/c/a9495069b43b8634c1ae0042e888766c34f66637
    Added Reference https://git.kernel.org/stable/c/c71ba669b570c7b3f86ec875be222ea11dacb352
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.