Linux Kernel lan966x Driver: page_pool Create Err Handling Fix (CVE-2026-31646)
CVE-2026-31646 Published on April 24, 2026
net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
In the Linux kernel, the following vulnerability has been resolved:
net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
page_pool_create() can return an ERR_PTR on failure. The return value
is used unconditionally in the loop that follows, passing the error
pointer through xdp_rxq_info_reg_mem_model() into page_pool_use_xdp_mem(),
which dereferences it, causing a kernel oops.
Add an IS_ERR check after page_pool_create() to return early on failure.
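The check described above, as an added userspace model in C (not the driver's code or the upstream patch). `ERR_PTR`, `PTR_ERR` and `IS_ERR` are re-implemented here after the kernel's helpers, and `pool_create`, `reg_mem_model`, `rx_alloc_pool` and both structs are hypothetical stand-ins for `page_pool_create()`, the registration step and the driver's allocation function.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace copies of the kernel's error-pointer helpers (assumption: LP64). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct pool { int size; };                        /* hypothetical stand-in for struct page_pool */
struct rx { struct pool *pool; int registered; }; /* hypothetical stand-in for the driver's RX state */

/* Stand-in for page_pool_create(): failure is an ERR_PTR, never NULL. */
static struct pool *pool_create(int size)
{
    struct pool *p;

    if (size <= 0)
        return ERR_PTR(-EINVAL);
    p = malloc(sizeof(*p));
    if (!p)
        return ERR_PTR(-ENOMEM);
    p->size = size;
    return p;
}

/* Stand-in for the registration step: it dereferences the pool it is given. */
static void reg_mem_model(struct rx *rx, struct pool *p)
{
    rx->registered += (p->size > 0);
}

/* Allocation path with the early return in place. */
static int rx_alloc_pool(struct rx *rx, int size, int nports)
{
    struct pool *p = pool_create(size);

    if (IS_ERR(p))              /* without this test, p reaches reg_mem_model() below */
        return (int)PTR_ERR(p); /* propagate the errno; nothing has dereferenced p */
    rx->pool = p;
    for (int i = 0; i < nports; i++)
        reg_mem_model(rx, rx->pool);
    return 0;
}
```

A NULL test in place of `IS_ERR()` would not catch this failure, because an error pointer is a non-NULL value in the top 4095 addresses.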
Products Associated with CVE-2026-31646
Affected Versions
Linux:
- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below e63265f188ea39dcf5f546770650027528f3bd0f is affected.
- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below 305832c53551cfbe6e5b81ca7ee765e60f4fe8e9 is affected.
- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below b5dcb41ba891b55157006cac79825c78a32b409e is affected.
- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below 7caf90d9ab97951a58d1de85ab7e7d7cca7a4513 is affected.
- Version 11871aba19748b3387e83a2db6360aa7119e9a1a and below 3fd0da4fd8851a7e62d009b7db6c4a05b092bc19 is affected.
- Version 6.2 is affected.
- Before 6.2 is unaffected.
- Version 6.6.135, <= 6.6.* is unaffected.
- Version 6.12.82, <= 6.12.* is unaffected.
- Version 6.18.23, <= 6.18.* is unaffected.
- Version 6.19.13, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.