Integer Underflow Vulnerability in Linux Kernel Affects STMMAC Implementation
CVE-2026-31649

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 24 April 2026

What is CVE-2026-31649?

A vulnerability within the Linux kernel's STMMAC implementation can cause an integer underflow, leading to excessive loop iterations during packet processing. In particular, when handling jumbo frames, the calculation involving linear portion lengths versus fragment lengths can result in an unsafe value for the length variable. This vulnerability allows arbitrary kernel memory to be mapped to the DMA engine, potentially leading to kernel memory disclosure or corruption, especially in systems without IOMMU support. The introduction of safeguards, including clamping the buffer length, mitigates this risk effectively.
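The arithmetic described above, as an added user-space model that is not the kernel's code: it shows how an unsigned length wraps when the linear portion is shorter than the assumed first buffer, and how clamping bounds the loop. BMAX, RING_SIZE, the function names and the rule that the jumbo path is chosen on total frame length are assumptions made for this illustration.

```c
#include <stdio.h>

/* User-space model only: names and constants are constructed for this
 * example and are not taken from the stmmac driver source. */
#define BMAX      2048u  /* assumed per-descriptor buffer limit */
#define RING_SIZE 512u   /* assumed ring size; bounds the model's loop */

/* Assumption: the jumbo path is chosen on total frame length
 * (linear part plus fragments), not on the linear part alone. */
static int takes_jumbo_path(unsigned int linear_len, unsigned int frag_len)
{
    return linear_len + frag_len > BMAX;
}

/* Descriptors consumed for the linear part of the frame.
 * clamp == 0: first buffer assumed to be BMAX bytes (the flawed arithmetic).
 * clamp != 0: first buffer clamped to min(linear_len, BMAX). */
unsigned int linear_descs(unsigned int linear_len, int clamp)
{
    unsigned int first = (clamp && linear_len < BMAX) ? linear_len : BMAX;
    unsigned int len = linear_len - first; /* wraps when linear_len < first */
    unsigned int used = 1;

    while (len != 0 && used < RING_SIZE) {
        unsigned int chunk = len > BMAX ? BMAX : len;
        len -= chunk;
        used++;
    }
    return used;
}

int main(void)
{
    /* Constructed frame: 128-byte linear part, 8000 bytes in fragments. */
    unsigned int linear = 128, frags = 8000;

    if (takes_jumbo_path(linear, frags)) {
        printf("unclamped: %u descriptors\n", linear_descs(linear, 0));
        printf("clamped:   %u descriptors\n", linear_descs(linear, 1));
    }
    return 0;
}
```

In the model the unclamped case stops only because of the RING_SIZE bound; each extra iteration stands for a descriptor pointing past the real linear data, which is the over-mapping the description refers to.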

Affected Version(s)

Linux 286a837217204b1ef105e3a554d0757e4fdfaac1 < 513e06735f5be575b409d195822195348b164e48

Linux 286a837217204b1ef105e3a554d0757e4fdfaac1 < 275bdf762e82082f064e60a92448fa2ac43cf95b

Linux 286a837217204b1ef105e3a554d0757e4fdfaac1

Timeline

  • Vulnerability published

  • Vulnerability Reserved
