CVE-2026-31649 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 27, 2026
Linux Kernel net: stmmac - Integer Overflow
Published: April 24, 2026Updated: April 27, 2026Remote Exploitable
Overview
Linux kernel net: stmmac contains an integer underflow caused by incorrect length calculation in jumbo_frm chain mode, letting attackers cause kernel memory disclosure and potential corruption, exploit requires crafted network packets.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause kernel memory disclosure and potential memory corruption, risking system stability and data confidentiality.
Mitigation
Update to the latest Linux kernel version containing the fix for this integer underflow in stmmac chain mode.
References
- https://git.kernel.org/stable/c/51f4e090b9f87b40c21b6daadb5c06e6c0a07b67
- https://git.kernel.org/stable/c/6fca757c20396dc2e604dcc61922264e9e3dc803
- https://git.kernel.org/stable/c/a2b68a9a476b9544ff31f1fbcd5d80867a8a5e2f
- https://git.kernel.org/stable/c/b7b8012193fd98236d7ae05d4b553f010a77b2ef
- https://git.kernel.org/stable/c/10d12b9240ebf96c785f0e2e4228318cd5f3a3eb
- https://git.kernel.org/stable/c/275bdf762e82082f064e60a92448fa2ac43cf95b
- https://git.kernel.org/stable/c/2c91b39912278d0878f9ba60ba04d2518b18a08d
- https://git.kernel.org/stable/c/513e06735f5be575b409d195822195348b164e48
Related Resources
Details
- CVE ID
- CVE-2026-31649
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- integer_overflow
- Status
- unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H