CVE Catalog

CVE-2026-31737

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, the ftgmac100 driver had a memory leak vulnerability during ring allocation on network interface open failure. The ftgmac100_alloc_rings() function did not free previously allocated resources (rx_skbs, tx_skbs, rxdes, txdes, rx_scratch) on error, causing memory leaks.

Risk Assessment

The risk is potential kernel memory exhaustion from repeated failed interface open attempts, leading to a denial of service (DoS) on the system.

Recommendation

Immediately update the Linux kernel to a version containing the fix that properly releases resources on allocation failures.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix ring allocation unwind on open failure ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch in stages. On intermediate failures it returned -ENOMEM directly, leaking resources allocated earlier in the function. Rework the failure path to use staged local unwind labels and free allocated resources in reverse order before returning -ENOMEM. This matches common netdev allocation cleanup style.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS