Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-y54q-e569-p7cx
Vulnerability ID VCID-y54q-e569-p7cx
Aliases CVE-2026-31622
Summary In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digital_in_recv_sdd_res() appends 3 or 4 bytes to target->nfcid1 on each round, but the number of cascade rounds is controlled entirely by the peer device. The peer sets the cascade tag in the SDD_RES (deciding 3 vs 4 bytes) and the cascade-incomplete bit in the SEL_RES (deciding whether another round follows). ISO 14443-3 limits NFC-A to three cascade levels and target->nfcid1 is sized accordingly (NFC_NFCID1_MAXSIZE = 10), but nothing in the driver actually enforces this. This means a malicious peer can keep the cascade running, writing past the heap-allocated nfc_target with each round. Fix this by rejecting the response when the accumulated UID would exceed the buffer. Commit e329e71013c9 ("NFC: nci: Bounds check struct nfc_target arrays") fixed similar missing checks against the same field on the NCI path.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2026-31622
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2026-31622
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31622.json
https://api.first.org/data/v1/epss?cve=CVE-2026-31622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31622
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2461459 https://bugzilla.redhat.com/show_bug.cgi?id=2461459
No exploits are available.
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.0462
EPSS Score 0.00018
Published At April 26, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-25T23:21:35.318757+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.4.0