๐Ÿ” CVE Alert

CVE-2026-31629

HIGH 8.8

nfc: llcp: add missing return after LLCP_CLOSED checks

CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but fails to return. Execution falls through to the remainder of the function, which calls release_sock() and nfc_llcp_sock_put() again. This results in a double release_sock() and a refcount underflow via double nfc_llcp_sock_put(), leading to a use-after-free. Add the missing return statements after the LLCP_CLOSED branches in both functions to prevent the fall-through.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Apr 24, 2026
Last Updated Jun 1, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
d646960f7986fefb460a2b062d5ccc8ccfeacc3a < b2a23529593d011fb433a3d711fc597ed6a6bd2f d646960f7986fefb460a2b062d5ccc8ccfeacc3a < 665315df9c3486cb213fc44d83cc8bcd47fe0d26 d646960f7986fefb460a2b062d5ccc8ccfeacc3a < 9b49e2a4b8219a2fc5cebf94f4ec34e509aff8a6 d646960f7986fefb460a2b062d5ccc8ccfeacc3a < 0eb1263a3b8c36418c9ba295c9ab3abed664edbf d646960f7986fefb460a2b062d5ccc8ccfeacc3a < 796e0cac058252d0ad34ebe288e6f7979b5fc9b2 d646960f7986fefb460a2b062d5ccc8ccfeacc3a < 8977fad2b3c6eefd414131168d597c5d1d5e1abf d646960f7986fefb460a2b062d5ccc8ccfeacc3a < ff3d9e8f7244293e303f7b6ef70774291c7c27e9 d646960f7986fefb460a2b062d5ccc8ccfeacc3a < aba4712e8f0381cd5d196534ce2ad082626a5ab6 d646960f7986fefb460a2b062d5ccc8ccfeacc3a < 2b5dd4632966c39da6ba74dbc8689b309065e82c
Linux / Linux
3.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/b2a23529593d011fb433a3d711fc597ed6a6bd2f git.kernel.org: https://git.kernel.org/stable/c/665315df9c3486cb213fc44d83cc8bcd47fe0d26 git.kernel.org: https://git.kernel.org/stable/c/9b49e2a4b8219a2fc5cebf94f4ec34e509aff8a6 git.kernel.org: https://git.kernel.org/stable/c/0eb1263a3b8c36418c9ba295c9ab3abed664edbf git.kernel.org: https://git.kernel.org/stable/c/796e0cac058252d0ad34ebe288e6f7979b5fc9b2 git.kernel.org: https://git.kernel.org/stable/c/8977fad2b3c6eefd414131168d597c5d1d5e1abf git.kernel.org: https://git.kernel.org/stable/c/ff3d9e8f7244293e303f7b6ef70774291c7c27e9 git.kernel.org: https://git.kernel.org/stable/c/aba4712e8f0381cd5d196534ce2ad082626a5ab6 git.kernel.org: https://git.kernel.org/stable/c/2b5dd4632966c39da6ba74dbc8689b309065e82c