Improper Check or Handling of Exceptional Conditions in Linux kernel - CVE-2026-31646
Published: April 25, 2026
Vulnerability identifier: #VU127760
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31646
CWE-ID: CWE-703
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of an error pointer in lan966x_fdma_rx_alloc_page_pool() when creating a page pool. A local user can trigger page_pool_create() failure to cause a denial of service.
The issue can lead to a kernel oops when the error pointer is dereferenced through xdp_rxq_info_reg_mem_model() and page_pool_use_xdp_mem().
How to mitigate CVE-2026-31646
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/305832c53551cfbe6e5b81ca7ee765e60f4fe8e9
- https://git.kernel.org/stable/c/3fd0da4fd8851a7e62d009b7db6c4a05b092bc19
- https://git.kernel.org/stable/c/7caf90d9ab97951a58d1de85ab7e7d7cca7a4513
- https://git.kernel.org/stable/c/b5dcb41ba891b55157006cac79825c78a32b409e
- https://git.kernel.org/stable/c/e63265f188ea39dcf5f546770650027528f3bd0f