CVE-2026-45940

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
24/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: stmmac: fix oops when split header is enabled<br /> <br /> For GMAC4, when split header is enabled, in some rare cases, the<br /> hardware does not fill buf2 of the first descriptor with payload.<br /> Thus we cannot assume buf2 is always fully filled if it is not<br /> the last descriptor. Otherwise, the length of buf2 of the second<br /> descriptor will be calculated wrong and cause an oops:<br /> <br /> Unable to handle kernel paging request at virtual address ffff00019246bfc0<br /> ...<br /> x2 : 0000000000000040 x1 : ffff00019246bfc0 x0 : ffff00009246c000<br /> Call trace:<br /> dcache_inval_poc+0x28/0x58 (P)<br /> dma_direct_sync_single_for_cpu+0x38/0x6c<br /> __dma_sync_single_for_cpu+0x34/0x6c<br /> stmmac_napi_poll_rx+0x8f0/0xb60<br /> __napi_poll.constprop.0+0x30/0x144<br /> net_rx_action+0x160/0x274<br /> handle_softirqs+0x1b8/0x1fc<br /> ...<br /> <br /> To fix this, the PL bit-field in RDES3 register is used for all<br /> descriptors, whether it is the last descriptor or not.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4 (including) 6.18.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 6.19.4 (excluding)