Skip to main content

Linux Kernel EUVDEUVD-2026-28561

| CVE-2026-43291 HIGH
Use of Uninitialized Resource (CWE-908)
2026-05-08 Linux GHSA-r3q8-xm3r-6v78
8.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.3 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 10:30 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
8.3 (HIGH)
Patch available
May 08, 2026 - 14:02 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)
CVE Published
May 08, 2026 - 13:11 nvd
HIGH 8.3

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: nci: Fix parameter validation for packet data

Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more.

The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct).

AnalysisAI

Improper packet data validation in Linux kernel NCI NFC subsystem breaks communication with NFC chips and creates potential for information disclosure. The vulnerability affects adjacent network attackers (AV:A) who can exploit variable-length packet handling without authentication (PR:N) to achieve high confidentiality impact, low integrity impact, and high availability impact. EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability despite CVSS 8.3 severity. Vendor patches available across multiple kernel versions (5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0) with upstream fixes committed to stable branches.

Technical ContextAI

This vulnerability exists in the Linux kernel's NFC Controller Interface (NCI) subsystem, specifically in the packet data validation logic introduced by commit 9c328f54741b. The NCI protocol implements communication between the kernel NFC stack and NFC controller hardware. The flawed validation code incorrectly uses sizeof(struct) to validate variable-length packet data, failing to account for legitimate packets that exceed the static structure size. This creates both a functional regression (breaking NFC chip communication) and a security issue where attackers on adjacent networks can potentially exploit the validation mismatch. The vulnerability affects the net/nfc/nci component, which handles low-level NFC protocol operations. Multiple CPE entries indicate widespread impact across Linux kernel versions, with fixes targeting stable kernel branches from 5.15 through 7.0.

RemediationAI

Update to patched Linux kernel versions: 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, or 7.0 and later. Patch commits are available from kernel.org stable git tree (see references for commit hashes). For systems unable to immediately patch, disable the NFC subsystem if not operationally required by blacklisting the nfc and nci kernel modules (add 'blacklist nfc' and 'blacklist nci' to /etc/modprobe.d/blacklist.conf and rebuild initramfs). This eliminates the attack surface but breaks NFC functionality. For environments requiring NFC, implement network segmentation to restrict adjacent network access to NFC-enabled systems, though this only reduces exposure and does not eliminate the vulnerability. Monitor for abnormal NFC traffic patterns as a detection measure. No documented side effects from the patches beyond restoring correct variable-length packet handling. Official advisories and technical details at NVD CVE-2026-43291 and linked kernel.org git commits.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28561 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy