CVE-2026-31645

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subsequent fdma_alloc_coherent() call fails, leaking the pool. Similarly, lan966x_fdma_init() frees the coherent DMA memory when lan966x_fdma_tx_alloc() fails but does not destroy the page pool that was successfully created by lan966x_fdma_rx_alloc(), leaking it. Add the missing page_pool_destroy() calls in both error paths.

References

https://git.kernel.org/stable/c/73e940c4249dc5ec6422d1fae535d192fb125955

https://git.kernel.org/stable/c/4941e234cfd67ac911fb259642b453f9f76aac41

https://git.kernel.org/stable/c/22e1ee9f22b5c3bb702bb6d4167d770002a85b2b

https://git.kernel.org/stable/c/076344a6ad9d1308faaed1402fdcfdda68b604ab

Details

Source: Mitre, NVD

Published: 2026-04-24

Updated: 2026-04-24

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium