Description

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but fails to return. Execution falls through to the remainder of the function, which calls release_sock() and nfc_llcp_sock_put() again. This results in a double release_sock() and a refcount underflow via double nfc_llcp_sock_put(), leading to a use-after-free. Add the missing return statements after the LLCP_CLOSED branches in both functions to prevent the fall-through.

INFO

Published Date :

2026-04-24T14:42:49.849Z

Last Modified :

2026-04-27T14:04:29.998Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31629 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31629.

URL Resource
https://git.kernel.org/stable/c/0eb1263a3b8c36418c9ba295c9ab3abed664edbf cve-icon cve-icon
https://git.kernel.org/stable/c/2b5dd4632966c39da6ba74dbc8689b309065e82c cve-icon cve-icon
https://git.kernel.org/stable/c/796e0cac058252d0ad34ebe288e6f7979b5fc9b2 cve-icon cve-icon
https://git.kernel.org/stable/c/8977fad2b3c6eefd414131168d597c5d1d5e1abf cve-icon cve-icon
https://git.kernel.org/stable/c/aba4712e8f0381cd5d196534ce2ad082626a5ab6 cve-icon cve-icon
https://git.kernel.org/stable/c/ff3d9e8f7244293e303f7b6ef70774291c7c27e9 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026042428-CVE-2026-31629-84ab@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31629 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31629 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact