Use-After-Free and Memory Leak in Linux Kernel's LAN966x Driver
CVE-2026-31644

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 24 April 2026

What is CVE-2026-31644?

A vulnerability in the LAN966x driver of the Linux kernel leads to a use-after-free and a memory leak. When the function lan966x_fdma_reload() fails to allocate new RX buffers, it restarts DMA using the old descriptors, whose memory has already been freed. This can result in data corruption, as the hardware may attempt to read from memory areas now controlled by other kernel subsystems. Additionally, if only a partial allocation of the page pool succeeds, the newly created pool is overwritten without proper handling, which leaks memory. The fix defers releasing the old pages until the new allocation is confirmed successful, so the existing pages and descriptors remain valid if allocation fails and the network device keeps operating on intact memory.
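The ordering the fix relies on, shown as an added userspace C model; this is not the lan966x driver's code or the upstream patch. All names (rx_ring, page_alloc, pages_alloc, pages_free, ring_reload, fail_after, live_pages) are hypothetical, and malloc() stands in for the page pool and DMA descriptors. The flawed ordering would free r->pages before allocating and then restart on the stale pointers when allocation fails.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical userspace model of an RX ring, not the driver's own types. */
struct rx_ring { void **pages; size_t n; bool dma_running; };
static int fail_after = -1; /* test hook: allocations left before failing; -1 = never */
static long live_pages;     /* outstanding page buffers, to detect leaks */

static void *page_alloc(void)
{
    void *p = (fail_after == 0) ? NULL : malloc(64);
    if (fail_after > 0)
        fail_after--;
    if (p)
        live_pages++;
    return p;
}

static void pages_free(void **p, size_t n)
{
    for (size_t i = 0; p && i < n; i++, live_pages--)
        free(p[i]);
    free(p);
}

static void **pages_alloc(size_t n)
{
    void **p = calloc(n, sizeof(*p));
    for (size_t i = 0; p && i < n; i++)
        if (!(p[i] = page_alloc())) {
            pages_free(p, i); /* partial failure: unwind, leak nothing */
            return NULL;
        }
    return p;
}

/* Allocate the new set first; free the old set only once that succeeded. */
static int ring_reload(struct rx_ring *r, size_t new_n)
{
    r->dma_running = false;          /* quiesce before touching buffers */
    void **fresh = pages_alloc(new_n);
    if (fresh) {
        pages_free(r->pages, r->n);  /* deferred release of the old buffers */
        r->pages = fresh;
        r->n = new_n;
    }
    r->dma_running = true;           /* ring points at live memory either way */
    return fresh ? 0 : -1;
}
```

Setting fail_after to a small value before calling ring_reload() exercises the partial-allocation path; live_pages returning to the old count shows that the half-built set was unwound rather than leaked.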

Affected Version(s)

Linux 89ba464fcf548d64bc7215dfe769f791330ae8b6 < 691082c0b93c13a5e068c0905f673060bddc204e

Linux 89ba464fcf548d64bc7215dfe769f791330ae8b6 < 92a673019943770930e2a8bfd52e1aad47a1fc1f

Linux 89ba464fcf548d64bc7215dfe769f791330ae8b6 < 9950e9199b3dfdfbde0b8d96ba947d7b11243801
