CVE-2026-31629

UNKNOWN 0.0

nfc: llcp: add missing return after LLCP_CLOSED checks

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but fails to return. Execution falls through to the remainder of the function, which calls release_sock() and nfc_llcp_sock_put() again. This results in a double release_sock() and a refcount underflow via double nfc_llcp_sock_put(), leading to a use-after-free. Add the missing return statements after the LLCP_CLOSED branches in both functions to prevent the fall-through.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Apr 24, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 796e0cac058252d0ad34ebe288e6f7979b5fc9b2 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8977fad2b3c6eefd414131168d597c5d1d5e1abf 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ff3d9e8f7244293e303f7b6ef70774291c7c27e9 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < aba4712e8f0381cd5d196534ce2ad082626a5ab6

Linux / Linux

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/796e0cac058252d0ad34ebe288e6f7979b5fc9b2 git.kernel.org: https://git.kernel.org/stable/c/8977fad2b3c6eefd414131168d597c5d1d5e1abf git.kernel.org: https://git.kernel.org/stable/c/ff3d9e8f7244293e303f7b6ef70774291c7c27e9 git.kernel.org: https://git.kernel.org/stable/c/aba4712e8f0381cd5d196534ce2ad082626a5ab6