SB2026042562 - Integer underflow in Linux kernel stmicro stmmac driver
Published: April 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Integer underflow (CVE-ID: CVE-2026-31649)
CWE-ID: CWE-191 - Integer underflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information and cause memory corruption.
The vulnerability exists due to integer underflow in jumbo_frm() chain-mode implementation in the stmmac driver when processing a packet whose linear portion is smaller than the buffer size but whose total length exceeds it due to page fragments. A local user can send a specially crafted packet to disclose sensitive information and cause memory corruption.
On systems without an IOMMU, the issue can cause DMA mappings to reference kernel memory beyond the skb buffer.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/10d12b9240ebf96c785f0e2e4228318cd5f3a3eb
- https://git.kernel.org/stable/c/275bdf762e82082f064e60a92448fa2ac43cf95b
- https://git.kernel.org/stable/c/2c91b39912278d0878f9ba60ba04d2518b18a08d
- https://git.kernel.org/stable/c/513e06735f5be575b409d195822195348b164e48
- https://git.kernel.org/stable/c/51f4e090b9f87b40c21b6daadb5c06e6c0a07b67
- https://git.kernel.org/stable/c/6fca757c20396dc2e604dcc61922264e9e3dc803
- https://git.kernel.org/stable/c/a2b68a9a476b9544ff31f1fbcd5d80867a8a5e2f
- https://git.kernel.org/stable/c/b7b8012193fd98236d7ae05d4b553f010a77b2ef