CVE-2026-31737
Description
In the Linux kernel, the following vulnerability has been resolved:
net: ftgmac100: fix ring allocation unwind on open failure
ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch in stages. On intermediate failures it returned -ENOMEM directly, leaking resources allocated earlier in the function.
Rework the failure path to use staged local unwind labels and free allocated resources in reverse order before returning -ENOMEM. This matches common netdev allocation cleanup style.
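The leak and the staged-unwind fix described above, modelled in userspace C as an added example (not the driver's code or the upstream patch). malloc stands in for the kernel allocators, and stage_alloc, stage_free, fail_at, leaked_after and the label names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model (assumption): malloc replaces the kernel allocators. */
static int live, calls, fail_at;   /* outstanding allocs; Nth call to fail */

static void *stage_alloc(void) {
    void *p;
    if (++calls == fail_at) return NULL;      /* injected allocation failure */
    if ((p = malloc(64))) live++;
    return p;
}
static void stage_free(void **p) { free(*p); *p = NULL; live--; }

struct rings { void *rx_skbs, *tx_skbs, *rxdes, *txdes, *rx_scratch; };

/* Pre-fix shape: a failed stage returns directly, earlier stages leak. */
static int alloc_rings_leaky(struct rings *r) {
    if (!(r->rx_skbs = stage_alloc())) return -ENOMEM;
    if (!(r->tx_skbs = stage_alloc())) return -ENOMEM;
    if (!(r->rxdes = stage_alloc())) return -ENOMEM;
    if (!(r->txdes = stage_alloc())) return -ENOMEM;
    if (!(r->rx_scratch = stage_alloc())) return -ENOMEM;
    return 0;
}

/* Fixed shape: each stage jumps to the label that frees what came before it. */
static int alloc_rings_unwind(struct rings *r) {
    if (!(r->rx_skbs = stage_alloc())) goto err;
    if (!(r->tx_skbs = stage_alloc())) goto err_free_rx_skbs;
    if (!(r->rxdes = stage_alloc())) goto err_free_tx_skbs;
    if (!(r->txdes = stage_alloc())) goto err_free_rxdes;
    if (!(r->rx_scratch = stage_alloc())) goto err_free_txdes;
    return 0;
err_free_txdes:   stage_free(&r->txdes);      /* reverse order of allocation */
err_free_rxdes:   stage_free(&r->rxdes);
err_free_tx_skbs: stage_free(&r->tx_skbs);
err_free_rx_skbs: stage_free(&r->rx_skbs);
err:              return -ENOMEM;
}

/* Allocations still outstanding after forcing stage n (1..5) to fail. */
static int leaked_after(int (*fn)(struct rings *), int n) {
    struct rings r = {0};
    live = calls = 0; fail_at = n;
    fn(&r);
    return live;
}

int main(void) {
    for (int n = 1; n <= 5; n++)
        printf("fail at stage %d: leaky=%d unwind=%d\n", n,
               leaked_after(alloc_rings_leaky, n), leaked_after(alloc_rings_unwind, n));
    return 0;
}
```

Each failed open in the leaky variant strands every stage allocated before the failing one, which is why repeated failures accumulate.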
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in ftgmac100 driver on ring allocation failure could lead to resource exhaustion.
Vulnerability
In the Linux kernel's ftgmac100 network driver, the ftgmac100_alloc_rings() function allocates multiple resources (rx_skbs, tx_skbs, rxdes, txdes, rx_scratch) in stages. If an intermediate allocation fails, the function previously returned -ENOMEM directly without freeing previously allocated resources, causing a memory leak [1].
Exploitation
An attacker with local access and the ability to trigger a device open operation (e.g., by bringing the network interface up) could cause an allocation failure, leading to the leak. The vulnerability is triggered during normal driver initialization when memory is low; no special privileges beyond local access are required.
Impact
Successful exploitation results in a memory leak, which over repeated attempts could exhaust system memory, leading to denial of service. The CVSS v3 score of 5.5 (Medium) reflects the local attack vector and potential for availability impact.
Mitigation
The fix introduces staged local unwind labels that free allocated resources in reverse order before returning -ENOMEM, matching common netdev allocation cleanup style [1]. The fix has been backported to stable kernel branches [2][3][4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=4.12,<5.10.253)
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/184b3a500d60ea48d1b176103cff1706c456edf3 (nvd, Patch)
- git.kernel.org/stable/c/78da43320d9d6ed788147fb085184e4fc801f057 (nvd, Patch)
- git.kernel.org/stable/c/82f86111f0704ab2ded11a2033bc6cf0be3e09ea (nvd, Patch)
- git.kernel.org/stable/c/8351d18989c8642fc53e2e12d94e42314a39b078 (nvd, Patch)
- git.kernel.org/stable/c/8a71911fc7eeea930153322bc1efc065db8cd97e (nvd, Patch)
- git.kernel.org/stable/c/a7e1bf392acf11dc4209820fef75758f6e42bd65 (nvd, Patch)
- git.kernel.org/stable/c/c0fd0fe745f5e8c568d898cd1513d0083e46204a (nvd, Patch)
- git.kernel.org/stable/c/d45230081f19c280096241353c26b0de457de795 (nvd, Patch)