CVE-2026-31622 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: April 27, 2026
Linux kernel NFC digital - Out of Bounds Read/Write
Published: April 24, 2026 | Updated: April 27, 2026
Overview
The Linux kernel NFC digital subsystem contains a buffer overflow caused by a missing bounds check on the NFC-A cascade depth in the SDD response handler, which lets a malicious peer device write beyond the allocated buffer. Exploitation requires a malicious NFC peer device.
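A user-space C model of the bounds check the overview describes, added here as an illustration and not taken from the kernel source or the fix commits. The struct, function and macro names are hypothetical, the frames are constructed, and the 10-byte NFCID1 limit, the 0x88 cascade tag and the BCC rule are assumed from ISO/IEC 14443-3 rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NFCID1_MAXSIZE 10   /* ISO/IEC 14443-3: longest UID, three cascade levels */
#define SDD_RES_CT     0x88 /* cascade tag: more UID bytes follow at the next level */
#define SDD_RES_LEN    5    /* four UID/CT bytes plus BCC */

struct target_model {       /* hypothetical stand-in for per-target state */
    uint8_t nfcid1[NFCID1_MAXSIZE];
    size_t  nfcid1_len;
};

/* Handle one SDD response. Returns 0 on success, -1 on a malformed frame or
 * when the peer tries to cascade past the end of the NFCID1 buffer. */
int handle_sdd_res(struct target_model *t, const uint8_t *res, size_t len)
{
    size_t offset, size;

    if (len != SDD_RES_LEN)
        return -1;
    if ((res[0] ^ res[1] ^ res[2] ^ res[3]) != res[4])  /* BCC = XOR of bytes 0..3 */
        return -1;

    if (res[0] == SDD_RES_CT) {  /* cascade tag: 3 UID bytes, another round follows */
        offset = 1;
        size = 3;
    } else {                     /* last level: 4 UID bytes */
        offset = 0;
        size = 4;
    }

    /* The peer decides how many rounds happen, so the accumulated length is
     * checked before every copy; without this the memcpy runs past nfcid1[]. */
    if (t->nfcid1_len > NFCID1_MAXSIZE || size > NFCID1_MAXSIZE - t->nfcid1_len)
        return -1;

    memcpy(t->nfcid1 + t->nfcid1_len, res + offset, size);
    t->nfcid1_len += size;
    return 0;
}

/* Feed n constructed frames in order; returns how many were accepted. */
size_t feed_frames(struct target_model *t, const uint8_t (*frames)[SDD_RES_LEN], size_t n)
{
    size_t ok = 0;
    while (ok < n && handle_sdd_res(t, frames[ok], SDD_RES_LEN) == 0)
        ok++;
    return ok;
}
```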
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Malicious NFC devices can cause buffer overflow, potentially leading to kernel memory corruption or denial of service.
Mitigation
Update to the latest Linux kernel version containing the fix.
References
- https://git.kernel.org/stable/c/cc024a3de265ef6c58957f4990eccb9f806208cb
- https://git.kernel.org/stable/c/46ce8be2ced389bccd84bcc04a12cf2f4d0c22d1
- https://git.kernel.org/stable/c/2819f34e08bdffb6f06a51c67948ec5737fb166a
- https://git.kernel.org/stable/c/1bec5698b55aa2be5c3b983dba657c01d0fd3dbc
- https://git.kernel.org/stable/c/5a59bf70c38ee1eb4be03bab830bbc3a6f0bd1f1
- https://git.kernel.org/stable/c/8d9d9bf3565271ca7ab9c716a94e87296177e7ba
Details
CVE ID: CVE-2026-31622
Severity: High
CVSS Score: 8.8
Type: out_of_bounds_rw
Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H