CVE-2026-31629
- Source
- https://cve.org/CVERecord?id=CVE-2026-31629
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31629.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31629
- Downstream
- Related
- Published
- 2026-04-24T14:42:49.849Z
- Modified
- 2026-06-11T12:29:14.195056644Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- nfc: llcp: add missing return after LLCP_CLOSED checks
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfc: llcp: add missing return after LLCP_CLOSED checks
In nfcllcprecvhdlc() and nfcllcprecvdisc(), when the socket state is LLCPCLOSED, the code correctly calls releasesock() and nfcllcpsockput() but fails to return. Execution falls through to the remainder of the function, which calls releasesock() and nfcllcpsockput() again. This results in a double releasesock() and a refcount underflow via double nfcllcpsock_put(), leading to a use-after-free.
Add the missing return statements after the LLCP_CLOSED branches in both functions to prevent the fall-through.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31629.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/0eb1263a3b8c36418c9ba295c9ab3abed664edbf
- https://git.kernel.org/stable/c/2b5dd4632966c39da6ba74dbc8689b309065e82c
- https://git.kernel.org/stable/c/665315df9c3486cb213fc44d83cc8bcd47fe0d26
- https://git.kernel.org/stable/c/796e0cac058252d0ad34ebe288e6f7979b5fc9b2
- https://git.kernel.org/stable/c/8977fad2b3c6eefd414131168d597c5d1d5e1abf
- https://git.kernel.org/stable/c/9b49e2a4b8219a2fc5cebf94f4ec34e509aff8a6
- https://git.kernel.org/stable/c/aba4712e8f0381cd5d196534ce2ad082626a5ab6
- https://git.kernel.org/stable/c/b2a23529593d011fb433a3d711fc597ed6a6bd2f
- https://git.kernel.org/stable/c/ff3d9e8f7244293e303f7b6ef70774291c7c27e9
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31629.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31629
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd646960f7986fefb460a2b062d5ccc8ccfeacc3aFixedb2a23529593d011fb433a3d711fc597ed6a6bd2fFixed665315df9c3486cb213fc44d83cc8bcd47fe0d26Fixed9b49e2a4b8219a2fc5cebf94f4ec34e509aff8a6Fixed0eb1263a3b8c36418c9ba295c9ab3abed664edbfFixed796e0cac058252d0ad34ebe288e6f7979b5fc9b2Fixed8977fad2b3c6eefd414131168d597c5d1d5e1abfFixedff3d9e8f7244293e303f7b6ef70774291c7c27e9Fixedaba4712e8f0381cd5d196534ce2ad082626a5ab6Fixed2b5dd4632966c39da6ba74dbc8689b309065e82c
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.3.0Fixed5.10.258
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.209
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.175
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.136
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.83
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.24
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.14
- Type
- ECOSYSTEM
- Events
-
Introduced6.20.0Fixed7.0.1