CVE-2026-43291
HIGHnet: nfc: nci: Fix parameter validation for packet data
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more. The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct).
References (7)
Core 7
Core References
Scores
CVSS v3
8.3
EPSS
0.0027
EPSS Percentile
18.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Details
CWE
CWE-908
Status
published
Products (29)
linux/Kernel
< 5.15.202linux
linux/Kernel
5.16.0 - 6.1.165linux
linux/Kernel
6.13.0 - 6.18.16linux
linux/Kernel
6.18.0 - 6.19.6linux
linux/Kernel
6.2.0 - 6.6.128linux
linux/Kernel
6.7.0 - 6.12.75linux
Linux/Linux
< 6.18
Linux/Linux
0ba68bea1e356f466ad29449938bea12f5f3711f - ad058a4317db7fdb3f09caa6ed536d24a62ce6a0
Linux/Linux
5.15.195 - 5.15.202
Linux/Linux
5.15.202 - 5.15.*
... and 19 more
Published
May 08, 2026
Tracked Since
May 08, 2026