SB2026042562 - Integer underflow in Linux kernel stmicro stmmac driver



SB2026042562 - Integer underflow in Linux kernel stmicro stmmac driver

Published: April 25, 2026

Security Bulletin ID SB2026042562
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Integer underflow (CVE-ID: CVE-2026-31649)

CWE-ID: CWE-191 - Integer underflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information and cause memory corruption.

The vulnerability exists due to integer underflow in jumbo_frm() chain-mode implementation in the stmmac driver when processing a packet whose linear portion is smaller than the buffer size but whose total length exceeds it due to page fragments. A local user can send a specially crafted packet to disclose sensitive information and cause memory corruption.

On systems without an IOMMU, the issue can cause DMA mappings to reference kernel memory beyond the skb buffer.


Remediation

Install update from vendor's website.