CVE-2026-43032
Buffer Overflow in Linux Kernel NFC PN533 Driver
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to PN532_UART_SKB_BUFF_LEN (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by bounding the UART receive buffer in the Linux kernel NFC pn533 driver. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix, which drops accumulated partial frames once the fixed receive buffer is full, preventing malformed UART traffic from growing the buffer indefinitely.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's NFC pn533 driver, specifically in how it handles UART receive buffers.
The function pn532_receive_buf() appends every incoming byte to a buffer (recv_skb) and only resets this buffer when a complete PN532 frame is recognized.
If a continuous stream of bytes without a valid PN532 frame header is received, the buffer keeps growing until it reaches its tail limit, potentially causing issues.
The fix bounds the UART receive buffer by dropping the accumulated partial frame once the fixed receive buffer is full, preventing malformed UART traffic from growing the buffer beyond its limit.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow malformed UART traffic to cause the receive buffer to grow uncontrollably.
This could potentially lead to resource exhaustion or denial of service conditions in the NFC pn533 driver within the Linux kernel.