Linux Kernel: lan966x Page Pool Leak in Error Paths (CVE-2026-31645)
CVE-2026-31645 Published on April 24, 2026
net: lan966x: fix page pool leak in error paths
In the Linux kernel, the following vulnerability has been resolved:
net: lan966x: fix page pool leak in error paths
lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if
the subsequent fdma_alloc_coherent() call fails, leaking the pool.
Similarly, lan966x_fdma_init() frees the coherent DMA memory when
lan966x_fdma_tx_alloc() fails but does not destroy the page pool that
was successfully created by lan966x_fdma_rx_alloc(), leaking it.
Add the missing page_pool_destroy() calls in both error paths.
Products Associated with CVE-2026-31645
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below 73e940c4249dc5ec6422d1fae535d192fb125955 is affected.
- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below 22e1ee9f22b5c3bb702bb6d4167d770002a85b2b is affected.
- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below 4941e234cfd67ac911fb259642b453f9f76aac41 is affected.
- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below 076344a6ad9d1308faaed1402fdcfdda68b604ab is affected.
- Version 6.2 is affected.
- Before 6.2 is unaffected.
- Version 6.12.82, <= 6.12.* is unaffected.
- Version 6.18.23, <= 6.18.* is unaffected.
- Version 6.19.13, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.