PT-2026-37408 · Linux · Linux Kernel

Published: 2026-05-06 · Updated: 2026-05-26 · CVE-2026-43098

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: An issue exists in the NFC s3fwrn5 component where the s3fwrn82_uart_read() function reports accepted bytes to the serdev core. The system may deliver a complete frame before allocating a new receive buffer. If alloc_skb() fails, the callback returns 0 despite having consumed bytes, leaving recv_skb as NULL. This violates the receive_buf() accounting contract and can lead to a NULL pointer dereference (a condition where the software attempts to read from a memory address that is null) during the subsequent skb_put_u8() call.

Recommendations: Allocate the receive skb lazily before consuming the next byte; if allocation fails, return the number of bytes already accepted.
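
The accounting difference between the two orderings, as an added user-space model (not the kernel driver's code): `read_eager` follows the flawed pattern in the description and `read_lazy` follows the recommendation. All names here (`FRAME_LEN`, `alloc_budget`, `model_alloc`, `push_byte`, `read_eager`, `read_lazy`) and the fixed 4-byte frame are assumptions made for the model.

```c
#include <stddef.h>
#include <stdlib.h>
#define FRAME_LEN 4              /* constructed fixed frame size for the model */

struct buf { unsigned char data[FRAME_LEN]; size_t len; };
struct phy { struct buf *recv; int frames; size_t consumed; };

static int alloc_budget;         /* model knob: allocations left before failure */

static struct buf *model_alloc(void)
{
    if (alloc_budget <= 0)
        return NULL;             /* simulated out-of-memory */
    alloc_budget--;
    return calloc(1, sizeof(struct buf));
}

/* Append one byte; hand the frame off (here: count and free) when complete. */
static void push_byte(struct phy *p, unsigned char b)
{
    p->recv->data[p->recv->len++] = b;   /* dereferences recv: must not be NULL */
    p->consumed++;
    if (p->recv->len == FRAME_LEN) {
        p->frames++;
        free(p->recv);
        p->recv = NULL;
    }
}

/* Flawed ordering: reallocate right after delivering a complete frame. */
size_t read_eager(struct phy *p, const unsigned char *d, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        push_byte(p, d[i]);
        if (!p->recv && !(p->recv = model_alloc()))
            return 0;            /* bytes were consumed, yet 0 is reported */
    }
    return n;
}

/* Recommended ordering: allocate lazily before consuming the next byte. */
size_t read_lazy(struct phy *p, const unsigned char *d, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!p->recv && !(p->recv = model_alloc()))
            return i;            /* report exactly the bytes already accepted */
        push_byte(p, d[i]);
    }
    return n;
}
```

With one allocation available and six input bytes, `read_eager` returns 0 after consuming four bytes and leaves `recv` NULL, so a caller that re-presents the same bytes would reach `push_byte` with a NULL buffer; `read_lazy` returns 4, and a retry with the remaining two bytes succeeds once memory is available.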

Fix


Related Identifiers

CVE-2026-43098

Affected Products

Linux Kernel