Skip to main content

Linux Kernel macb CVE-2026-31563

| EUVDEUVD-2026-25456 HIGH
2026-04-24 Linux GHSA-fp5j-cvvc-rp28
7.5
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

8
Re-analysis Queued
Apr 27, 2026 - 20:37 vuln.today
cvss_changed
Patch released
Apr 27, 2026 - 20:31 nvd
Patch available
Analysis Generated
Apr 27, 2026 - 15:30 vuln.today
CVSS changed
Apr 27, 2026 - 15:22 NVD
7.5 (HIGH)
Patch available
Apr 24, 2026 - 16:16 EUVD
EUVD ID Assigned
Apr 24, 2026 - 15:00 euvd
EUVD-2026-25456
Analysis Generated
Apr 24, 2026 - 15:00 vuln.today
CVE Published
Apr 24, 2026 - 14:35 nvd
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: macb: Use dev_consume_skb_any() to free TX SKBs

The napi_consume_skb() function is not intended to be called in an IRQ disabled context. However, after commit 6bc8a5098bf4 ("net: macb: Fix tx_ptr_lock locking"), the freeing of TX SKBs is performed with IRQs disabled. To resolve the following call trace, use dev_consume_skb_any() for freeing TX SKBs: WARNING: kernel/softirq.c:430 at __local_bh_enable_ip+0x174/0x188, CPU#0: ksoftirqd/0/15 Modules linked in: CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 7.0.0-rc4-next-20260319-yocto-standard-dirty #37 PREEMPT Hardware name: ZynqMP ZCU102 Rev1.1 (DT) pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __local_bh_enable_ip+0x174/0x188 lr : local_bh_enable+0x24/0x38 sp : ffff800082b3bb10 x29: ffff800082b3bb10 x28: ffff0008031f3c00 x27: 000000000011ede0 x26: ffff000800a7ff00 x25: ffff800083937ce8 x24: 0000000000017a80 x23: ffff000803243a78 x22: 0000000000000040 x21: 0000000000000000 x20: ffff000800394c80 x19: 0000000000000200 x18: 0000000000000001 x17: 0000000000000001 x16: ffff000803240000 x15: 0000000000000000 x14: ffffffffffffffff x13: 0000000000000028 x12: ffff000800395650 x11: ffff8000821d1528 x10: ffff800081c2bc08 x9 : ffff800081c1e258 x8 : 0000000100000301 x7 : ffff8000810426ec x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000008 x1 : 0000000000000200 x0 : ffff8000810428dc Call trace: __local_bh_enable_ip+0x174/0x188 (P) local_bh_enable+0x24/0x38 skb_attempt_defer_free+0x190/0x1d8 napi_consume_skb+0x58/0x108 macb_tx_poll+0x1a4/0x558 __napi_poll+0x50/0x198 net_rx_action+0x1f4/0x3d8 handle_softirqs+0x16c/0x560 run_ksoftirqd+0x44/0x80 smpboot_thread_fn+0x1d8/0x338 kthread+0x120/0x150 ret_from_fork+0x10/0x20 irq event stamp: 29751 hardirqs last enabled at (29750): [<ffff8000813be184>] _raw_spin_unlock_irqrestore+0x44/0x88 hardirqs last disabled at (29751): [<ffff8000813bdf60>] _raw_spin_lock_irqsave+0x38/0x98 softirqs last enabled at (29150): [<ffff8000800f1aec>] handle_softirqs+0x504/0x560 softirqs last disabled at (29153): [<ffff8000800f2fec>] run_ksoftirqd+0x44/0x80

AnalysisAI

Memory management flaw in Linux kernel's Cadence macb network driver causes kernel warning and potential denial of service. Specifically affects the macb Ethernet driver on ARM64 ZynqMP platforms (kernel versions 6.1+ containing commit 6bc8a5098bf4). The vulnerability stems from calling napi_consume_skb() with IRQs disabled during TX packet cleanup, violating kernel API contracts and potentially causing system instability under network load. EPSS exploitation probability is very low (0.02%, 7th percentile) with vendor-released patches available across all stable kernel branches (6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0). No active exploitation or public exploit code identified at time of analysis.

Technical ContextAI

The Cadence MACB (Media Access Controller Block) driver provides Ethernet networking support for ARM-based SoCs like Xilinx ZynqMP. The vulnerability was introduced in commit 6bc8a5098bf4 which added IRQ-disabled locking around TX completion path to fix a race condition. However, this change violated the API contract of napi_consume_skb(), which internally calls local_bh_enable() - a function prohibited in IRQ-disabled contexts because it manipulates soft interrupt state. The affected code path is macb_tx_poll() → napi_consume_skb() → skb_attempt_defer_free() → local_bh_enable(), where the final call triggers the kernel warning. The CPE strings (cpe:2.3:a:linux:linux) indicate this affects mainline Linux kernel versions containing the problematic commit. The fix replaces napi_consume_skb() with dev_consume_skb_any(), which safely handles SKB freeing in any interrupt context by checking current execution context before attempting optimizations.

RemediationAI

Upgrade to patched kernel versions: 6.1.168+ (commit 78c8b090a3d5), 6.6.131+ (commit 984350b37372), 6.12.80+ (commit ca4d05afb468), 6.18.21+ (commit f4bc91398b57), 6.19.11+ (commit 647b8a2fe474), or mainline 7.0 final (commit 92e7081f0c79). All patches available at git.kernel.org/stable with links provided in CVE references. For systems unable to upgrade immediately, the impact is limited to kernel log warnings rather than functional failure, so risk of delaying patch deployment is minimal for non-critical embedded systems. No effective workaround exists short of disabling the macb network interface (ip link set eth0 down), which eliminates network connectivity and is impractical for production. If macb interface must remain active pre-patch, monitor dmesg for WARNING signatures at __local_bh_enable_ip and schedule maintenance window for kernel update. Advisory details at https://nvd.nist.gov/vuln/detail/CVE-2026-31563 and patch commits in references section.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31563 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy