CVE-2026-31645
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/04/2026
Last modified:
27/04/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: lan966x: fix page pool leak in error paths<br />
<br />
lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if<br />
the subsequent fdma_alloc_coherent() call fails, leaking the pool.<br />
<br />
Similarly, lan966x_fdma_init() frees the coherent DMA memory when<br />
lan966x_fdma_tx_alloc() fails but does not destroy the page pool that<br />
was successfully created by lan966x_fdma_rx_alloc(), leaking it.<br />
<br />
Add the missing page_pool_destroy() calls in both error paths.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2.1 (including) | 6.12.82 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.23 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.2:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page