Buffer Overflow Vulnerability in PN532 Chip in Linux Kernel
CVE-2026-43032
What is CVE-2026-43032?
A buffer overflow vulnerability exists in the PN532 NFC interface within the Linux kernel. The pn532_receive_buf() function does not properly bound the UART receive buffer: it appends incoming bytes to dev->recv_skb without sufficient validation. When malformed UART traffic keeps arriving, the buffer grows beyond its defined limits. The fix drops any accumulated partial frame once the receive buffer reaches capacity, so a continuous stream of invalid data can no longer be used to exploit this weakness.
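A userspace C model of the mitigation described above, added here as an illustration and not taken from the kernel's pn532 code. The capacity RX_BUF_LEN, the struct, the function names and the simplified 0x00 0xFF LEN framing are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define RX_BUF_LEN 16            /* hypothetical fixed capacity for this model */
struct rx_state {
    uint8_t buf[RX_BUF_LEN];
    size_t len;                  /* bytes accumulated for the current frame */
    unsigned frames;             /* complete frames delivered */
    unsigned drops;              /* partial frames discarded on a full buffer */
};

/* Simplified framing (assumption): 0x00 0xFF LEN payload[LEN]. */
static int rx_is_frame(const struct rx_state *s)
{
    return s->len >= 3 && s->buf[0] == 0x00 && s->buf[1] == 0xFF &&
           s->len == (size_t)3 + s->buf[2];
}

/* Hardened per-byte receive: never writes past buf[RX_BUF_LEN - 1]. */
static void rx_byte(struct rx_state *s, uint8_t b)
{
    if (s->len == RX_BUF_LEN) {  /* full and still no frame: drop the partial frame */
        s->len = 0;
        s->drops++;
    }
    s->buf[s->len++] = b;        /* without the check above, this append overflows */
    if (rx_is_frame(s)) {
        s->frames++;             /* frame complete: hand off and reset */
        s->len = 0;
    }
}

static void rx_feed(struct rx_state *s, const uint8_t *p, size_t n)
{
    while (n--)
        rx_byte(s, *p++);
}

int main(void)
{
    struct rx_state s = {0};
    uint8_t junk[48];            /* constructed: stream with no frame header */
    const uint8_t frame[] = {0x00, 0xFF, 0x02, 0xAA, 0xBB};
    for (size_t i = 0; i < sizeof junk; i++) junk[i] = 0x41;
    rx_feed(&s, junk, sizeof junk);
    rx_feed(&s, frame, sizeof frame);
    printf("len=%zu frames=%u drops=%u\n", s.len, s.frames, s.drops);
    return 0;
}
```

In this model the receiver resynchronises only when a drop lands on a frame boundary, so a frame that arrives mid-buffer after garbage is discarded along with it.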
Affected Version(s)
Linux c656aa4c27b17a8c70da223ed5ab42145800d6b5 < 8bedf1dd5640ac8997bff00bbefe241b438df397
Linux c656aa4c27b17a8c70da223ed5ab42145800d6b5 < 23e925183db26cd322597679669ad29d70ed2ada
Linux c656aa4c27b17a8c70da223ed5ab42145800d6b5 < 3adca9be14bf36b927193f05f5aea35a1a90e913