CVE-2026-43291 · HIGH 8.3 · EPSS p18.2%

Description

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: nci: Fix parameter validation for packet data

Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more.

The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct).

Scoring

CVSS 3.1: 8.3 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
EPSS: 0.27% probability of exploitation · percentile 18.2% · 2026-06-19T12:03:05Z
Published: 2026-05-08
Last modified: 2026-05-14

Underlying weaknesses · 1

CWE-908

References

  1. https://git.kernel.org/stable/c/3b91160e9a91b5a2662875417dc42dc5b0bf03ea
  2. https://git.kernel.org/stable/c/498fc5d0d650c77e87fcc73808d4f43240c21805
  3. https://git.kernel.org/stable/c/571dcbeb8e635182bb825ae758399831805693c2
  4. https://git.kernel.org/stable/c/a24a8a582da4426b2042e510a1080df84083b51d
  5. https://git.kernel.org/stable/c/ad058a4317db7fdb3f09caa6ed536d24a62ce6a0
  6. https://git.kernel.org/stable/c/c692db813a7e3b7c3c17d6e9a3ad2a018bf1142b
  7. https://git.kernel.org/stable/c/f5218426f765eee22e178df9c126d974792fb6a5

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Use of Uninitialized Resource (cwe-908) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-31622
  2. CVE-2026-31629
  3. CVE-2026-43098
  4. CVE-2026-46267
  5. CVE-2026-31617
  6. CVE-2026-23455

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.