Linux Kernel Vulnerability in Net: lan966x Product by Linux
CVE-2026-31646

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31646?

A vulnerability in the Linux kernel has been identified within the net: lan966x component, where improper error handling during page pool allocation can lead to a kernel oops. The page_pool_create() function has the potential to return an ERR_PTR signal upon failure. If this error pointer is used without proper validation in subsequent processing loops, it can lead to system instability. To mitigate this issue, an IS_ERR check should be implemented to handle failures appropriately and avoid dereferencing error pointers that can crash the system.

Affected Version(s)

Linux 11871aba19748b3387e83a2db6360aa7119e9a1a

Linux 11871aba19748b3387e83a2db6360aa7119e9a1a < 305832c53551cfbe6e5b81ca7ee765e60f4fe8e9

Linux 11871aba19748b3387e83a2db6360aa7119e9a1a

References

https://git.kernel.org/stable/c/e63265f188ea39dcf5f546770...

https://git.kernel.org/stable/c/305832c53551cfbe6e5b81ca7...

https://git.kernel.org/stable/c/b5dcb41ba891b55157006cac7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31646 Data

JSON