Use-after-free in Linux kernel - CVE-2026-31644


Published: April 25, 2026


Vulnerability identifier: #VU127758
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31644
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a use-after-free in lan966x_fdma_reload() when handling a failure to allocate new RX buffers during DMA reload. A local user can trigger the allocation failure and restart DMA with old descriptors whose pages were already freed to cause a denial of service.

The issue occurs on the restore path, where hardware may DMA into memory that has been returned to the buddy allocator and reused by other kernel subsystems.
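The failure-path ordering described above, as an added example that is not the lan966x driver's code: a toy RX ring model in which the page pool, `rx_ring`, `dma_restart` and both `reload_*` functions are hypothetical names. The vulnerable variant releases the old pages before the replacement buffers are known to exist and, on allocation failure, re-arms DMA on the restored (now stale) descriptors; the hardened variant allocates first and only releases the old ring once the new one is complete, so an allocation failure leaves DMA pointing at live memory.

```c
/* Added example: toy model of an RX ring reload with an injected
 * allocation failure. Not the Linux driver's code; all names are
 * hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define RING_SIZE 4
#define POOL_SIZE 16

/* Toy page allocator that remembers which pages are live, so a simulated
 * DMA restart can detect descriptors pointing at released memory. */
typedef struct {
    bool in_use[POOL_SIZE];
    int fail_after;   /* succeed this many times, then fail; <0 = never fail */
} page_pool_t;

static int pool_alloc(page_pool_t *p) {
    if (p->fail_after == 0) return -1;          /* simulated ENOMEM */
    if (p->fail_after > 0) p->fail_after--;
    for (int i = 0; i < POOL_SIZE; i++)
        if (!p->in_use[i]) { p->in_use[i] = true; return i; }
    return -1;
}

static void pool_free(page_pool_t *p, int page) { p->in_use[page] = false; }

typedef struct { int page[RING_SIZE]; } rx_ring;

/* Re-arming DMA is only safe if every descriptor owns a live page.
 * Returns 0 if safe, -1 if any descriptor references a freed page. */
static int dma_restart(const page_pool_t *p, const rx_ring *r) {
    for (int i = 0; i < RING_SIZE; i++)
        if (!p->in_use[r->page[i]]) return -1;  /* would DMA into freed memory */
    return 0;
}

/* Fill a ring with fresh pages; on partial failure undo what was allocated. */
static int ring_fill(page_pool_t *p, rx_ring *r) {
    int n;
    for (n = 0; n < RING_SIZE; n++) {
        int pg = pool_alloc(p);
        if (pg < 0) break;
        r->page[n] = pg;
    }
    if (n == RING_SIZE) return 0;
    while (n-- > 0) pool_free(p, r->page[n]);
    return -1;
}

/* Vulnerable ordering: free old pages, then try to allocate; on failure
 * restore the old descriptors and restart DMA on already-freed pages. */
static int reload_vulnerable(page_pool_t *p, rx_ring *r) {
    rx_ring old = *r, fresh;
    for (int i = 0; i < RING_SIZE; i++) pool_free(p, old.page[i]);
    if (ring_fill(p, &fresh) < 0) {
        *r = old;                 /* descriptors now reference freed pages */
        return dma_restart(p, r);
    }
    *r = fresh;
    return dma_restart(p, r);
}

/* Hardened ordering: allocate first; only swap and free the old ring once
 * the replacement is complete, so failure leaves the live ring untouched. */
static int reload_fixed(page_pool_t *p, rx_ring *r) {
    rx_ring fresh;
    if (ring_fill(p, &fresh) < 0)
        return dma_restart(p, r); /* old pages still live: safe to continue */
    rx_ring old = *r;
    *r = fresh;
    for (int i = 0; i < RING_SIZE; i++) pool_free(p, old.page[i]);
    return dma_restart(p, r);
}

/* Scenario: ring initially filled, then the allocator fails on the third
 * request of the reload. Returns the dma_restart result for each variant. */
static int run_scenario(int (*reload)(page_pool_t *, rx_ring *)) {
    page_pool_t pool;
    memset(&pool, 0, sizeof pool);
    pool.fail_after = -1;
    rx_ring ring;
    ring_fill(&pool, &ring);
    pool.fail_after = 2;      /* constructed failure injection */
    return reload(&pool, &ring);
}

static int scenario_vulnerable(void) { return run_scenario(reload_vulnerable); }
static int scenario_fixed(void)      { return run_scenario(reload_fixed); }

int main(void) {
    printf("vulnerable reload: %s\n", scenario_vulnerable() ? "DMA on freed pages" : "ok");
    printf("fixed reload:      %s\n", scenario_fixed() ? "DMA on freed pages" : "ok");
    return 0;
}
```

The model reduces the bug to its ordering: releasing buffers before the replacement is guaranteed. In a real driver the fixed path would also propagate the allocation error to its caller, but the point that matters for memory safety is that the live ring is never torn down on a path that can still fail.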


How to mitigate CVE-2026-31644

Install the security update from the vendor's repository.

Sources