Receive Buffer Allocation Issue in Linux Kernel Affecting PN533 Devices
CVE-2026-31660

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31660?

A vulnerability exists within the Linux kernel related to the PN533 driver, where the receive buffer (skb) is not allocated before bytes are consumed. This can lead to data inconsistencies and a potential NULL dereference error if allocation fails. When pn532_receive_buf() reports accepted bytes to the serdev core, it improperly consumes bytes without having allocated a new buffer. As a result, if the memory allocation for the new receive buffer fails, the system incorrectly indicates that bytes have been processed, risking unintended behavior in subsequent operations.

Affected Version(s)

Linux c656aa4c27b17a8c70da223ed5ab42145800d6b5 < 2ca64fb7e2d2ae14619dd204d4f2f0a601f421fb

Linux c656aa4c27b17a8c70da223ed5ab42145800d6b5 < 8b71299d587d9e4c830c18afb884c80ddb30ad28

Linux c656aa4c27b17a8c70da223ed5ab42145800d6b5 < 16649adc2e19509104245ea1f349b629d858f11f

References

https://git.kernel.org/stable/c/2ca64fb7e2d2ae14619dd204d...

https://git.kernel.org/stable/c/8b71299d587d9e4c830c18afb...

https://git.kernel.org/stable/c/16649adc2e19509104245ea1f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31660 Data

JSON