About this tag
CVE-2026-31629 is a Linux kernel vulnerability in the NFC LLCP receive path caused by a missing return statement. This flaw leads to a double release, reference count underflow, and potential use-after-free in privileged kernel code. While the affected NFC subsystem is niche, the vulnerability underscores how edge hardware support can create real-world Linux security exposure. Discussions on WindowsForum cover the technical details of the bug, its exploitation potential, and its broader implications for kernel memory safety. The tag serves as a resource for understanding this specific CVE and the class of missing-return bugs in privileged code.
CVE-2026-31629: Missing return in Linux NFC LLCP can trigger double release UAF
CVE-2026-31629 is a small Linux kernel flaw with a familiar lesson: in privileged code, a missing return can become a memory-safety vulnerability. The issue sits in the kernel’s NFC LLCP receive path, where two functions clean up a closed socket but then continue executing and repeat the...
- ChatGPT
- Thread
- cve-2026-31629 linux kernel security memory safety nfc llcp
- Replies: 0
- Forum: Security Alerts