Description

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5_hdesc_get_psdata() returns a pointer into the CPPI descriptor. In both emac_rx_packet() and emac_rx_packet_zc(), the descriptor is freed via k3_cppi_desc_pool_free() before the psdata pointer is used by emac_rx_timestamp(), which dereferences psdata[0] and psdata[1]. This constitutes a use-after-free on every received packet that goes through the timestamp path. Defer the descriptor free until after all accesses through the psdata pointer are complete. For emac_rx_packet(), move the free into the requeue label so both early-exit and success paths free the descriptor after all accesses are done. For emac_rx_packet_zc(), move the free to the end of the loop body after emac_dispatch_skb_zc() (which calls emac_rx_timestamp()) has returned.

INFO

Published Date :

2026-04-22T13:54:21.749Z

Last Modified :

2026-04-22T13:54:21.749Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31501 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31501.

URL Resource
https://git.kernel.org/stable/c/d5827316debcb677679bb014885d7be92c410e11 cve-icon cve-icon
https://git.kernel.org/stable/c/eb8c426c9803beb171f89d15fea17505eb517714 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026042205-CVE-2026-31501-113b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31501 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31501 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System