{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31658", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.129Z", "datePublished": "2026-04-24T14:45:09.566Z", "dateUpdated": "2026-05-11T22:13:05.042Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:13:05.042Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()\n\nWhen dma_map_single() fails in tse_start_xmit(), the function returns\nNETDEV_TX_OK without freeing the skb. Since NETDEV_TX_OK tells the\nstack the packet was consumed, the skb is never freed, leaking memory\non every DMA mapping failure.\n\nAdd dev_kfree_skb_any() before returning to properly free the skb."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/altera/altera_tse_main.c"], "versions": [{"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a", "lessThan": "ae2cd46f57f422b51aedd406ff5d75cbff401d5d", "status": "affected", "versionType": "git"}, {"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a", "lessThan": "cb1d318702fdf643061350d164250198df4116f2", "status": "affected", "versionType": "git"}, {"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a", "lessThan": "d5ec406f0543bd6cdfd563b08015fdec8c4d5712", "status": "affected", "versionType": "git"}, {"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a", "lessThan": "2eb9d67704ca8f1101f7435b85f113ede471f9f2", "status": "affected", "versionType": "git"}, {"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a", "lessThan": "9f3ec44aeb58501d11834048d5d0dbaeacb6d4e7", "status": "affected", "versionType": "git"}, {"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a", "lessThan": "60f462cd2716d86bd2174f9d5e035c9278f30480", "status": "affected", "versionType": "git"}, {"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a", "lessThan": "3aca300e88afe56afb000cdc4c65383014fb17f9", "status": "affected", "versionType": "git"}, {"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a", "lessThan": "6dede3967619b5944003227a5d09fdc21ed57d10", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/altera/altera_tse_main.c"], "versions": [{"version": "3.15", "status": "affected"}, {"version": "0", "lessThan": "3.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.169", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.135", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.82", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.23", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.13", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "6.1.169"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "6.6.135"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "6.12.82"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "6.18.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "6.19.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ae2cd46f57f422b51aedd406ff5d75cbff401d5d"}, {"url": "https://git.kernel.org/stable/c/cb1d318702fdf643061350d164250198df4116f2"}, {"url": "https://git.kernel.org/stable/c/d5ec406f0543bd6cdfd563b08015fdec8c4d5712"}, {"url": "https://git.kernel.org/stable/c/2eb9d67704ca8f1101f7435b85f113ede471f9f2"}, {"url": "https://git.kernel.org/stable/c/9f3ec44aeb58501d11834048d5d0dbaeacb6d4e7"}, {"url": "https://git.kernel.org/stable/c/60f462cd2716d86bd2174f9d5e035c9278f30480"}, {"url": "https://git.kernel.org/stable/c/3aca300e88afe56afb000cdc4c65383014fb17f9"}, {"url": "https://git.kernel.org/stable/c/6dede3967619b5944003227a5d09fdc21ed57d10"}], "title": "net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA21F47A-22D3-42CD-9040-94231664F332", "versionEndExcluding": "5.10.253", "versionStartIncluding": "3.15.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBEC0E5D-641C-4E98-A6D9-5799B10CE451", "versionEndExcluding": "6.1.169", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15C1A1B2-14EE-494C-AF3E-D5A7BA640B39", "versionEndExcluding": "6.6.135", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "02904CAE-71D2-45B3-9EC3-F6A9D18B6307", "versionEndExcluding": "6.12.82", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9E09FDD-9EE3-4A56-92E2-2B30AFD0072F", "versionEndExcluding": "6.18.23", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1490EF9B-9080-481C-8D22-1306AAE664E4", "versionEndExcluding": "6.19.13", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.15:-:*:*:*:*:*:*", "matchCriteriaId": "F138B0D1-8A71-47E3-B203-17061370DFD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()\n\nWhen dma_map_single() fails in tse_start_xmit(), the function returns\nNETDEV_TX_OK without freeing the skb. Since NETDEV_TX_OK tells the\nstack the packet was consumed, the skb is never freed, leaking memory\non every DMA mapping failure.\n\nAdd dev_kfree_skb_any() before returning to properly free the skb."}], "id": "CVE-2026-31658", "lastModified": "2026-04-27T20:17:08.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:45.337", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2eb9d67704ca8f1101f7435b85f113ede471f9f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3aca300e88afe56afb000cdc4c65383014fb17f9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/60f462cd2716d86bd2174f9d5e035c9278f30480"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6dede3967619b5944003227a5d09fdc21ed57d10"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f3ec44aeb58501d11834048d5d0dbaeacb6d4e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae2cd46f57f422b51aedd406ff5d75cbff401d5d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cb1d318702fdf643061350d164250198df4116f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d5ec406f0543bd6cdfd563b08015fdec8c4d5712"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()", "id": "2461535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461535"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's net: altera-tse network driver. When a Direct Memory Access (DMA) mapping error occurs in the tse_start_xmit() function, the system fails to free the allocated socket buffer (skb). This oversight causes a memory leak with each DMA mapping failure, potentially leading to resource exhaustion and a Denial of Service (DoS) condition."], "name": "CVE-2026-31658", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31658\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31658\nhttps://lore.kernel.org/linux-cve-announce/2026042402-CVE-2026-31658-a6d5@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bbd2190ce96d8fce031f0526c1f970b68adc9d1a,ae2cd46f57f422b51aedd406ff5d75cbff401d5d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bbd2190ce96d8fce031f0526c1f970b68adc9d1a,cb1d318702fdf643061350d164250198df4116f2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bbd2190ce96d8fce031f0526c1f970b68adc9d1a,d5ec406f0543bd6cdfd563b08015fdec8c4d5712)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bbd2190ce96d8fce031f0526c1f970b68adc9d1a,2eb9d67704ca8f1101f7435b85f113ede471f9f2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bbd2190ce96d8fce031f0526c1f970b68adc9d1a,9f3ec44aeb58501d11834048d5d0dbaeacb6d4e7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bbd2190ce96d8fce031f0526c1f970b68adc9d1a,60f462cd2716d86bd2174f9d5e035c9278f30480)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bbd2190ce96d8fce031f0526c1f970b68adc9d1a,3aca300e88afe56afb000cdc4c65383014fb17f9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bbd2190ce96d8fce031f0526c1f970b68adc9d1a,6dede3967619b5944003227a5d09fdc21ed57d10)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.15"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,3.15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.253,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.169,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.135,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.82,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.23,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.13,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T13:45:45.833640+00:00", "value": {"mitigation_remediation": ["Upgrade to a kernel version that includes the Altera TSE driver fix, such as applying the latest stable release or a backported patch containing commit 2eb9d677.", "If a kernel upgrade is not immediately possible, manually apply the provided patch to the driver source (insert dev_kfree_skb_any() before returning on DMA mapping failure) or rebuild the module with the corrected code.", "After installing the patch or new kernel, monitor kernel memory usage during typical network operation to confirm that skb leaks no longer occur and that memory consumption remains stable."], "summary": {"action": "Update Kernel", "impact": "Memory Leak (kernel memory exhaustion potential)"}, "threat_synthesis": {"affected_systems": "The issue occurs in all Linux kernel releases from version 3.15 onward, including every 7.0 release candidate (rc1 through rc7). It specifically targets the \"net: altera\u2011tse\" driver that comes built into the kernel or is loaded as a module for devices using Altera TSE network hardware.\n", "description_and_impact": "The flaw is in the Altera TSE networking driver for Linux. When a DMA mapping request fails inside tse_start_xmit(), the driver erroneously returns NETDEV_TX_OK and leaves the socket buffer (skb) allocated. The kernel\u2019s networking stack then assumes the packet was successfully transmitted and never frees the skb, creating a memory leak. This weakness is a CWE-401 Unreleased Resource and also fits CWE-772 Unreleased Resource due to failure of proper cleanup. The result is incremental kernel memory consumption that can culminate in exhaustion, degraded performance, or a denial\u2011of\u2011service condition. The vulnerability does not grant code execution or privilege escalation.\n", "risk_and_exploitability": "The CVSS base score of 5.5 reflects moderate severity, while an EPSS score of less than 1% indicates a very low likelihood of exploitation. Attackers would need to supply network traffic that repeatedly triggers DMA mapping failures to exploit the memory leak. The attack vector is inferred from the normal operation of the driver; it is not explicitly stated in the description.\n"}}}}, "created": "2026-04-27T21:00:11.886404+00:00", "updated": "2026-04-28T14:00:16.478044+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}