CVE-2026-31660

Source
https://cve.org/CVERecord?id=CVE-2026-31660
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31660.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31660
Downstream
Published
2026-04-24T14:45:11.039Z
Modified
2026-07-08T08:00:10.332391057Z
Summary
nfc: pn533: allocate rx skb before consuming bytes
Details

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: allocate rx skb before consuming bytes

pn532receivebuf() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recvskb and may already hand a complete frame to pn533recv_frame() before allocating a fresh receive buffer.

If that allocskb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recvskb as NULL for the next receive callback. That breaks the receivebuf() accounting contract and can also lead to a NULL dereference on the next skbput_u8().

Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31660.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c656aa4c27b17a8c70da223ed5ab42145800d6b5
Fixed
2ca64fb7e2d2ae14619dd204d4f2f0a601f421fb
Fixed
8b71299d587d9e4c830c18afb884c80ddb30ad28
Fixed
16649adc2e19509104245ea1f349b629d858f11f
Fixed
07cb6c72e66ba548679f22ac29ad588da8999279
Fixed
a9495069b43b8634c1ae0042e888766c34f66637
Fixed
21ae2cda66a55c759607bbf1d23cbaa42019d2de
Fixed
7e37da42eda45d7859d9273fc7e225d8df458038
Fixed
c71ba669b570c7b3f86ec875be222ea11dacb352

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31660.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.169
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.135
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.82
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.23
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31660.json"