{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "8fcc7315a10a84264e55bb65ede10f0af20a983f"
            },
            {
              "fixed": "a24a8a582da4426b2042e510a1080df84083b51d"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "bfdda0123dde406dbff62e7e9136037e97998a15"
            },
            {
              "fixed": "f5218426f765eee22e178df9c126d974792fb6a5"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0ba68bea1e356f466ad29449938bea12f5f3711f"
            },
            {
              "fixed": "ad058a4317db7fdb3f09caa6ed536d24a62ce6a0"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "74837bca0748763a77f77db47a0bdbe63b347628"
            },
            {
              "fixed": "3b91160e9a91b5a2662875417dc42dc5b0bf03ea"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "9c328f54741bd5465ca1dc717c84c04242fac2e1"
            },
            {
              "fixed": "c692db813a7e3b7c3c17d6e9a3ad2a018bf1142b"
            },
            {
              "fixed": "498fc5d0d650c77e87fcc73808d4f43240c21805"
            },
            {
              "fixed": "571dcbeb8e635182bb825ae758399831805693c2"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "c395d1e548cc68e84584ffa2e3ca9796a78bf7b9"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "5.15.195"
            },
            {
              "fixed": "5.15.202"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.1.156"
            },
            {
              "fixed": "6.1.165"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.6.112"
            },
            {
              "fixed": "6.6.128"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.12.53"
            },
            {
              "fixed": "6.12.75"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.17.3"
            },
            {
              "fixed": "6.18"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.15.202"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.165"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.128"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.75"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.16"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.18.0"
            },
            {
              "fixed": "6.19.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43291.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Fix parameter validation for packet data\n\nSince commit 9c328f54741b (\"net: nfc: nci: Add parameter validation for\npacket data\") communication with nci nfc chips is not working any more.\n\nThe mentioned commit tries to fix access of uninitialized data, but\nfailed to understand that in some cases the data packet is of variable\nlength and can therefore not be compared to the maximum packet length\ngiven by the sizeof(struct).",
  "id": "CVE-2026-43291",
  "modified": "2026-07-08T05:39:08.195634921Z",
  "published": "2026-05-08T13:11:15.312Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b91160e9a91b5a2662875417dc42dc5b0bf03ea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/498fc5d0d650c77e87fcc73808d4f43240c21805"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/571dcbeb8e635182bb825ae758399831805693c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a24a8a582da4426b2042e510a1080df84083b51d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad058a4317db7fdb3f09caa6ed536d24a62ce6a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c692db813a7e3b7c3c17d6e9a3ad2a018bf1142b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5218426f765eee22e178df9c126d974792fb6a5"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43291.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43291"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "net: nfc: nci: Fix parameter validation for packet data"
}