CVE-2026-45940
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
24/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: stmmac: fix oops when split header is enabled<br />
<br />
For GMAC4, when split header is enabled, in some rare cases, the<br />
hardware does not fill buf2 of the first descriptor with payload.<br />
Thus we cannot assume buf2 is always fully filled if it is not<br />
the last descriptor. Otherwise, the length of buf2 of the second<br />
descriptor will be calculated wrong and cause an oops:<br />
<br />
Unable to handle kernel paging request at virtual address ffff00019246bfc0<br />
...<br />
x2 : 0000000000000040 x1 : ffff00019246bfc0 x0 : ffff00009246c000<br />
Call trace:<br />
dcache_inval_poc+0x28/0x58 (P)<br />
dma_direct_sync_single_for_cpu+0x38/0x6c<br />
__dma_sync_single_for_cpu+0x34/0x6c<br />
stmmac_napi_poll_rx+0x8f0/0xb60<br />
__napi_poll.constprop.0+0x30/0x144<br />
net_rx_action+0x160/0x274<br />
handle_softirqs+0x1b8/0x1fc<br />
...<br />
<br />
To fix this, the PL bit-field in RDES3 register is used for all<br />
descriptors, whether it is the last descriptor or not.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4 (including) | 6.18.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



