CVE-2026-43032

Summary

In the Linux kernel, the following vulnerability has been resolved:

NFC: pn533: bound the UART receive buffer

pn532_receive_buf() appends every incoming byte to dev->recv_skb and only resets the buffer after pn532_uart_rx_is_frame() recognizes a complete frame. A continuous stream of bytes without a valid PN532 frame header therefore keeps growing the skb until skb_put_u8() hits the tail limit.

Drop the accumulated partial frame once the fixed receive buffer is full so malformed UART traffic cannot grow the skb past PN532_UART_SKB_BUFF_LEN.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc656aa4c27b17a8c70da223ed5ab42145800d6b5 < 8bedf1dd5640ac8997bff00bbefe241b438df397affected
LinuxLinuxc656aa4c27b17a8c70da223ed5ab42145800d6b5 < 23e925183db26cd322597679669ad29d70ed2adaaffected
LinuxLinuxc656aa4c27b17a8c70da223ed5ab42145800d6b5 < 3adca9be14bf36b927193f05f5aea35a1a90e913affected
LinuxLinuxc656aa4c27b17a8c70da223ed5ab42145800d6b5 < 2c1fadd221b21d8038acfe6a0f56291881d5ff76affected
LinuxLinuxc656aa4c27b17a8c70da223ed5ab42145800d6b5 < f48ab6ee654ecc350434e4566bc785773f412b7eaffected
LinuxLinuxc656aa4c27b17a8c70da223ed5ab42145800d6b5 < ad2f60de5045bfb5d20ea468a97c8760c6a3a4f8affected
LinuxLinuxc656aa4c27b17a8c70da223ed5ab42145800d6b5 < cf2ff10183204349edfd6b972e189375fc5f1fb0affected
LinuxLinuxc656aa4c27b17a8c70da223ed5ab42145800d6b5 < 30fe3f5f6494f827d812ff179f295a8e532709d6affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.10.253 <= 5.10.*unaffected
LinuxLinux5.15.203 <= 5.15.*unaffected
LinuxLinux6.1.168 <= 6.1.*unaffected
LinuxLinux6.6.134 <= 6.6.*unaffected
LinuxLinux6.12.81 <= 6.12.*unaffected
LinuxLinux6.18.22 <= 6.18.*unaffected
LinuxLinux6.19.12 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References