CVE-2026-43031

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets<br /> <br /> When a TX packet spans multiple buffer descriptors (scatter-gather),<br /> axienet_free_tx_chain sums the per-BD actual length from descriptor<br /> status into a caller-provided accumulator. That sum is reset on each<br /> NAPI poll. If the BDs for a single packet complete across different<br /> polls, the earlier bytes are lost and never credited to BQL. This<br /> causes BQL to think bytes are permanently in-flight, eventually<br /> stalling the TX queue.<br /> <br /> The SKB pointer is stored only on the last BD of a packet. When that<br /> BD completes, use skb-&gt;len for the byte count instead of summing<br /> per-BD status lengths. This matches netdev_sent_queue(), which debits<br /> skb-&gt;len, and naturally survives across polls because no partial<br /> packet contributes to the accumulator.