Linux Kernel - Page Pool Leak Vulnerability in LAN966X by Vendor
CVE-2026-31645

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31645?

A resource leak vulnerability exists in the LAN966X component of the Linux kernel. The issue arises during memory allocation processes, specifically in the functions lan966x_fdma_rx_alloc() and lan966x_fdma_init(). When memory allocation fails, corresponding page pools created during these processes are not effectively destroyed, leading to memory leaks. This oversight can degrade system performance and stability over time. The vulnerability has been addressed by adding appropriate page_pool_destroy() calls to ensure that all resources are properly managed, even in error scenarios.

Affected Version(s)

Linux 11871aba19748b3387e83a2db6360aa7119e9a1a < 73e940c4249dc5ec6422d1fae535d192fb125955

Linux 11871aba19748b3387e83a2db6360aa7119e9a1a < 22e1ee9f22b5c3bb702bb6d4167d770002a85b2b

Linux 11871aba19748b3387e83a2db6360aa7119e9a1a < 4941e234cfd67ac911fb259642b453f9f76aac41

References

https://git.kernel.org/stable/c/73e940c4249dc5ec6422d1fae...

https://git.kernel.org/stable/c/22e1ee9f22b5c3bb702bb6d41...

https://git.kernel.org/stable/c/4941e234cfd67ac911fb25964...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31645 Data

JSON