Description
In the Linux kernel, the following vulnerability has been resolved:

NFC: pn533: bound the UART receive buffer

pn532_receive_buf() appends every incoming byte to dev->recv_skb and
only resets the buffer after pn532_uart_rx_is_frame() recognizes a
complete frame. A continuous stream of bytes without a valid PN532 frame
header therefore keeps growing the skb until skb_put_u8() hits the tail
limit.

Drop the accumulated partial frame once the fixed receive buffer is full
so malformed UART traffic cannot grow the skb past
PN532_UART_SKB_BUFF_LEN.
Published: 2026-05-01
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The pn532 UART driver in the Linux kernel appended every incoming byte to an skb and reset the buffer only after a complete frame was detected. A continuous stream of bytes that does not contain a valid PN532 frame header would thus cause the skb to grow until it exceeded the tail limit, leading to memory exhaustion or a buffer overflow in the kernel. The fix clamps the receive buffer so that malformed UART traffic cannot expand the skb beyond PN532_UART_SKB_BUFF_LEN, preventing the kernel from being corrupted or crashed by malicious data.
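A userspace model of the bounded receive path described above, added here as an illustration; it is not the kernel's code or the actual patch. RX_BUF_LEN, struct rx_model, rx_is_frame() and rx_bytes() are hypothetical names, and the frame test is a simplified stand-in for pn532_uart_rx_is_frame().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RX_BUF_LEN 32 /* stand-in for PN532_UART_SKB_BUFF_LEN; demo value */

struct rx_model {
    uint8_t buf[RX_BUF_LEN];
    size_t len, max_len;    /* partial-frame length and its high-water mark */
    unsigned frames, drops; /* frames delivered; partial frames discarded */
};

/* Simplified stand-in for pn532_uart_rx_is_frame(): accepts only a normal
 * frame 00 00 FF LEN LCS <LEN bytes> DCS 00 and does not verify DCS. */
static int rx_is_frame(const struct rx_model *m)
{
    if (m->len < 5 || memcmp(m->buf, "\x00\x00\xFF", 3) != 0)
        return 0;
    if (((m->buf[3] + m->buf[4]) & 0xFF) != 0) /* LEN + LCS must be 0 mod 256 */
        return 0;
    return m->len >= (size_t)m->buf[3] + 7;
}

/* Bounded receive path: a full buffer means RX_BUF_LEN bytes arrived without
 * forming a frame, so drop the partial frame before storing the next byte. */
static void rx_bytes(struct rx_model *m, const uint8_t *data, size_t count)
{
    while (count--) {
        if (m->len == RX_BUF_LEN) {
            m->len = 0;
            m->drops++;
        }
        m->buf[m->len++] = *data++;
        if (m->len > m->max_len)
            m->max_len = m->len;
        if (rx_is_frame(m)) {
            m->frames++;
            m->len = 0;
        }
    }
}

int main(void)
{
    struct rx_model m = {0};
    uint8_t noise[1000]; /* constructed input: no frame header anywhere */
    memset(noise, 0xAA, sizeof(noise));
    rx_bytes(&m, noise, sizeof(noise));
    printf("max_len=%zu drops=%u frames=%u\n", m.max_len, m.drops, m.frames);
    return 0;
}
```

Without the `m->len == RX_BUF_LEN` check, the same 1000-byte input would write past the end of `buf`, which is the unbounded growth the description refers to.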

Affected Systems

Any Linux kernel installation that contains the pn532 NFC driver and is running a version prior to the patch is potentially affected. Because the vendor list is generic (Linux:Linux) the precise affected releases are not enumerated in the available data, but all active kernel branches that ship the pn532 driver could be impacted if they have not yet applied the update.

Risk and Exploitability

The CVSS and EPSS metrics are not available, and the vulnerability is not listed in CISA’s KEV catalog, indicating no publicly known exploit or active exploitation activity at the time of this analysis. The attack vector is inferred to be local or device‑controlled, requiring an adversary to send a crafted stream of UART data to the NFC device. If successfully leveraged, the flaw could exhaust kernel memory and cause a system crash, resulting in a denial of service. Exploit feasibility is uncertain, but the attacker’s physical or device access should be considered when assessing exposure.

Generated by OpenCVE AI on May 2, 2026 at 07:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install the latest Linux kernel release that incorporates the bounds fix for the pn532 UART driver's receive buffer.
  • If the target environment does not require NFC pn532 functionality, disable or unload the pn532 driver or remove the device to eliminate the attack surface.
  • Apply the patch manually on distribution versions that have not yet shipped the update, and verify the driver’s source includes the buffer‑clamp change.



Advisories
Source | ID | Title
Debian DLA | DLA-4561-1 | linux-6.1 security update
Debian DSA | DSA-6243-1 | linux security update
History

Sat, 02 May 2026 00:15:00 +0000


Fri, 01 May 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-122

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description (same text as the Description section at the top of this page)
Title NFC: pn533: bound the UART receive buffer
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:15:31.921Z

Reserved: 2026-05-01T14:12:55.977Z

Link: CVE-2026-43032

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-01T15:16:47.787

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-43032

Redhat

Severity:

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43032 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T07:15:16Z
