CVE-2026-43098
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in Linux Kernel NFC Subsystem

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82_uart_read() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already deliver a complete frame before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43098
EUVD
EUVD-2026-27607
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's NFC driver for the s3fwrn5 device. The issue arises because the code consumes bytes into a receive buffer (recv_skb) before allocating a new buffer for incoming data. If the allocation of this buffer fails, the function incorrectly returns 0 despite having consumed bytes, leaving the receive buffer pointer as NULL. This breaks the expected behavior of the receive buffer management and can lead to a NULL pointer dereference in subsequent operations.


How can this vulnerability impact me? :

The vulnerability can cause a NULL pointer dereference in the Linux kernel NFC driver, which may lead to a kernel crash or system instability. This can affect the reliability and availability of systems using the affected NFC driver, potentially causing denial of service conditions.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart