Use-After-Free Vulnerability in Linux Kernel Affecting TI's ICSSG PRU-ETH Ethernet Driver
CVE-2026-31501

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31501?

A vulnerability exists in the Linux kernel related to the TI ICSSG PRU-ETH Ethernet Driver, where a use-after-free condition can occur during packet processing. Specifically, when handling received packets, the system prematurely frees a descriptor linked to the passed data before all necessary operations are completed. This leads to potential dereferencing of invalid pointers, creating risks for memory corruption and undefined behavior. The issue arises in the emac_rx_packet() and emac_rx_packet_zc() functions. The fix involves deferring the descriptor's freeing action until all accesses to the data pointer are finalized, ensuring safe memory operations.

Affected Version(s)

Linux 46eeb90f03e03d5e8f7f9f1f0eb0792104fc5f86

Linux 6.15

References

https://git.kernel.org/stable/c/d5827316debcb677679bb0148...

https://git.kernel.org/stable/c/eb8c426c9803beb171f89d15f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31501 Data

JSON