Skip to main content

Linux Kernel CVE-2026-31737

| EUVDEUVD-2026-26550 MEDIUM
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 21:15 vuln.today
CVSS changed
May 07, 2026 - 19:07 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:02 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26550
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

net: ftgmac100: fix ring allocation unwind on open failure

ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch in stages. On intermediate failures it returned -ENOMEM directly, leaking resources allocated earlier in the function.

Rework the failure path to use staged local unwind labels and free allocated resources in reverse order before returning -ENOMEM. This matches common netdev allocation cleanup style.

AnalysisAI

Memory leaks in the ftgmac100 Ethernet driver's ring allocation function allow local authenticated users to cause a denial of service through resource exhaustion on driver initialization failure. The vulnerability is triggered when ftgmac100_alloc_rings() fails during intermediate allocation stages, returning directly without freeing previously allocated resources (rx_skbs, tx_skbs, rxdes, txdes, rx_scratch). This affects Linux kernel versions prior to fixes released in stable branches 5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and 7.0.

Technical ContextAI

The ftgmac100 is a Faraday-based Gigabit Ethernet MAC controller driver integrated into the Linux kernel networking subsystem. The vulnerability exists in the multi-stage memory allocation routine ftgmac100_alloc_rings(), which sequentially allocates socket buffers (rx_skbs, tx_skbs), DMA descriptor rings (rxdes, txdes), and scratch buffers (rx_scratch) for Ethernet frame transmission and reception. The driver uses this function during device open operations to prepare packet handling infrastructure. The root cause is insufficient error handling: when intermediate allocations fail, the function returns -ENOMEM immediately without executing proper unwinding logic to release resources allocated in earlier stages. This is a resource leak rather than memory corruption, but persistent failures during driver initialization can exhaust kernel memory pools. The issue was fixed by implementing staged local unwind labels that follow standard Linux netdev driver cleanup patterns, ensuring all partially-allocated resources are freed in reverse allocation order.

RemediationAI

Apply vendor-released kernel patches from the appropriate stable branch: upgrade to 5.10.253 or later for 5.10.x, 5.15.203 or later for 5.15.x, 6.1.168 or later for 6.1.x, 6.6.134 or later for 6.6.x, 6.12.81 or later for 6.12.x, 6.18.22 or later for 6.18.x, 6.19.12 or later for 6.19.x, or 7.0 or later for the mainline branch. For systems unable to immediately patch, disable ftgmac100 driver support (CONFIG_FTGMAC100=n) if an alternative network interface is available, as this eliminates the vulnerable code path entirely. If the ftgmac100 interface is critical, implement tight access controls restricting local authentication and monitor kernel memory pressure (via /proc/meminfo and slab allocation metrics) for signs of resource exhaustion. Kernel memory cgroup limits can be enforced to prevent complete system memory exhaustion. Note that disabling the driver will result in loss of network connectivity on affected hardware unless redundant interfaces are available. Patches are available from kernel.org stable releases linked in CVE references.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31737 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy