VDB
CVE-2026-31645
CVE-2026-31645
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subsequent fdma_alloc_coherent() call fails, leaking the pool. Similarly, lan966x_fdma_init() frees the coherent DMA memory when lan966x_fdma_tx_alloc() fails but does not destroy the page pool that was successfully created by lan966x_fdma_rx_alloc(), leaking it. Add the missing page_pool_destroy() calls in both error paths.
EPSS 0.02% · 3.2th percentile
Risk Scores
EPSS Score
0.02%
3.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | *, 6.18.23, 0 |
| linux | linux_kernel | 6.2, 6.2, 6.2 |
Timeline
- Apr 24, 2026 CVE Published
- Apr 24, 2026 Security Advisory
- Apr 27, 2026 Security Advisory
- Apr 27, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/73e940c4249dc5ec6422d1fae535d192fb125955 url
- https://git.kernel.org/stable/c/22e1ee9f22b5c3bb702bb6d4167d770002a85b2b url
- https://git.kernel.org/stable/c/4941e234cfd67ac911fb259642b453f9f76aac41 url
- https://git.kernel.org/stable/c/076344a6ad9d1308faaed1402fdcfdda68b604ab url
- https://nvd.nist.gov/vuln/detail/CVE-2026-31645 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory