SB2026042576 - Use-after-free in Linux kernel microchip lan966x driver



SB2026042576 - Use-after-free in Linux kernel microchip lan966x driver

Published: April 25, 2026

Security Bulletin ID SB2026042576
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Use-after-free (CVE-ID: CVE-2026-31644)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a use-after-free in lan966x_fdma_reload() when handling a failure to allocate new RX buffers during DMA reload. A local user can trigger the allocation failure and restart DMA with old descriptors whose pages were already freed to cause a denial of service.

The issue occurs on the restore path, where hardware may DMA into memory that has been returned to the buddy allocator and reused by other kernel subsystems.


Remediation

Install update from vendor's website.