CVE-2026-43291
Parameter Validation Flaw in Linux Kernel NFC NCI
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability relates to the Linux kernel's NFC (Near Field Communication) subsystem, specifically the NCI driver. A recent commit intended to fix parameter validation for packet data introduced an issue where communication with NCI NFC chips stopped working. The problem arose because the fix did not properly handle variable-length data packets, mistakenly comparing them to a fixed maximum packet length based on the size of a structure. This led to incorrect validation and access of uninitialized data.
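The failure mode described above, as an added example that is not the kernel's code: a length check against `sizeof` of a maximum-sized structure rejects valid shorter packets, while a check driven by the packet's own declared length accepts them and still refuses truncated or oversized input. The packet layout, `struct ntf`, `MAX_PARAM_LEN` and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PARAM_LEN 20            /* hypothetical capacity, not an NCI value */

/* Hypothetical in-memory form: the array is sized for the largest packet. */
struct ntf {
    uint8_t id;
    uint8_t param_len;
    uint8_t param[MAX_PARAM_LEN];
};

/* Over-strict check: requires sizeof(struct) bytes, so every valid packet
 * shorter than the maximum is dropped. */
int parse_strict(const uint8_t *buf, size_t len, struct ntf *out)
{
    if (len < sizeof(struct ntf))
        return -1;
    memcpy(out, buf, sizeof(*out));
    return 0;
}

/* Length-aware check: validate the fixed header, then the declared length
 * against both the received bytes and the destination capacity. */
int parse_checked(const uint8_t *buf, size_t len, struct ntf *out)
{
    const size_t hdr = 2;                   /* id + param_len */

    memset(out, 0, sizeof(*out));           /* unused tail is zeroed, not stale */
    if (len < hdr)
        return -1;
    out->id = buf[0];
    out->param_len = buf[1];
    if (out->param_len > MAX_PARAM_LEN)     /* would overflow param[] */
        return -1;
    if (len - hdr < out->param_len)         /* packet is truncated */
        return -1;
    memcpy(out->param, buf + hdr, out->param_len);
    return 0;
}

int main(void)
{
    const uint8_t pkt[] = {0x01, 0x03, 0xAA, 0xBB, 0xCC}; /* constructed sample */
    struct ntf n;
    printf("strict=%d checked=%d\n", parse_strict(pkt, sizeof pkt, &n),
           parse_checked(pkt, sizeof pkt, &n));
    return 0;
}
```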
How can this vulnerability impact me?
The vulnerability can cause communication failures with NFC chips due to improper parameter validation. This may result in malfunctioning NFC features or devices relying on the Linux kernel's NFC subsystem. Additionally, accessing uninitialized data could potentially lead to unpredictable behavior or security risks, although specific impacts such as data leakage or privilege escalation are not detailed.