CVE-2026-31660

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already hand a complete frame to pn533_recv_frame() before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted.

CVSS v3.1 Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS — Exploit Prediction

0.0001

Probability of exploitation

0.02%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Affected Products

Vendor	Product	Versions
linux	linux_kernel	5.5.1 — 5.10.253
linux	linux_kernel	5.11 — 5.15.203
linux	linux_kernel	5.16 — 6.1.169
linux	linux_kernel	6.2 — 6.6.135
linux	linux_kernel	6.7 — 6.12.82
linux	linux_kernel	6.13 — 6.18.23
linux	linux_kernel	6.19 — 6.19.13
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All

References

Advisories & Patches

https://git.kernel.org/stable/c/07cb6c72e66ba548679f22ac29ad588da8999279 https://git.kernel.org/stable/c/16649adc2e19509104245ea1f349b629d858f11f https://git.kernel.org/stable/c/21ae2cda66a55c759607bbf1d23cbaa42019d2de https://git.kernel.org/stable/c/2ca64fb7e2d2ae14619dd204d4f2f0a601f421fb https://git.kernel.org/stable/c/7e37da42eda45d7859d9273fc7e225d8df458038 https://git.kernel.org/stable/c/8b71299d587d9e4c830c18afb884c80ddb30ad28 https://git.kernel.org/stable/c/a9495069b43b8634c1ae0042e888766c34f66637 https://git.kernel.org/stable/c/c71ba669b570c7b3f86ec875be222ea11dacb352

Frequently Asked Questions

What is CVE-2026-31660? +

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already hand a complete frame to pn533_recv_frame() before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted. It has a CVSS v3.1 base score of 5.5 (MEDIUM).

How severe is CVE-2026-31660? +

CVE-2026-31660 has a CVSS v3.1 score of 5.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0001, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-31660? +

CVE-2026-31660 affects products from linux, specifically: linux_kernel. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-31660? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-9588 10.0

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. …

CVE-2025-57870 10.0

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This …

CVE-2025-34028 10.0

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when …

CVE-2024-25693 9.9

There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated …

CVE-2026-31657 9.8

In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace …

CVE-2026-31649 9.8

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() …