NAPI Scheduling Flaw in Linux Kernel's igb Driver by Intel
CVE-2026-31691

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-31691?

A vulnerability exists in the igb driver of the Linux kernel, specifically due to improper handling of NAPI scheduling during abrupt termination of AF_XDP zero-copy applications. When such an application is killed unexpectedly, the XSK buffer pool is destroyed, yet NAPI polling continues, resulting in the igb_clean_rx_irq_zc() function failing to clear the NAPI state. This improper state management causes the igb_down() function to block indefinitely, leading to severe system stall where the TX watchdog may trigger, and the TX queue remains blocked. The vulnerability arises from the redundant use of napi_synchronize() before napi_disable(), which is unnecessary as napi_disable() already provides the necessary guarantees to properly handle polling state changes.

Affected Version(s)

Linux 2c6196013f84651772388a86dfd4bb033d0c0d45 < 4700471775746058c962ded6e659bf908fd76e13

Linux 2c6196013f84651772388a86dfd4bb033d0c0d45 < 27f5997686ee7fb7ac01be72b2010f168a3409fc

Linux 2c6196013f84651772388a86dfd4bb033d0c0d45

References

https://git.kernel.org/stable/c/4700471775746058c962ded6e...

https://git.kernel.org/stable/c/27f5997686ee7fb7ac01be72b...

https://git.kernel.org/stable/c/b1e067240379f950a0022208e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31691 Data

JSON