Buffer Management Issue in Linux Kernel NFC Module
CVE-2026-43098

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43098?

A vulnerability exists in the NFC module of the Linux kernel where bytes are consumed before the allocation of a fresh receive buffer. This flawed handling can disrupt the receive buffer accounting, potentially leading to null dereference errors in subsequent operations. To mitigate this, the receive skb should be allocated before consuming any bytes, ensuring that if an allocation fails, the system correctly returns the number of bytes already received without compromising stability.

Affected Version(s)

Linux 3f52c2cb7e3ada37513dabb69a22cf917dba754f

Linux 3f52c2cb7e3ada37513dabb69a22cf917dba754f < 7c31f7a599cf00fad3c204092a91a924126c67e4

Linux 3f52c2cb7e3ada37513dabb69a22cf917dba754f < 6d931680a9851481c3243689488eafed08eeff71

References

https://git.kernel.org/stable/c/d8c2aa3c4a1ec530a485e46a1...

https://git.kernel.org/stable/c/7c31f7a599cf00fad3c204092...

https://git.kernel.org/stable/c/6d931680a9851481c32436894...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43098 Data

JSON