CVE-2026-31494
Out-of-Bounds Write in Linux macb Driver Causes Memory Corruption
Publication date: 2026-04-22
Last updated on: 2026-04-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 4.16 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 5.11 (inc) to 5.15.203 (exc) |
| linux | linux_kernel | From 4.16.1 (inc) to 5.10.253 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.168 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.131 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.80 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The out-of-bounds write caused by this vulnerability can lead to memory corruption in the kernel. This can cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges. Such impacts can compromise the security and reliability of the affected system.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's macb network driver. It involves a mismatch between the memory reserved for statistics and the amount of memory actually written. Specifically, the function gem_get_sset_count() correctly calculates the number of statistics based on the active queues, but gem_get_ethtool_stats() copies data using the maximum number of queues regardless of how many are active. If the number of active queues is less than the maximum, this causes an out-of-bounds (OOB) write, which can lead to memory corruption.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing KASAN (Kernel Address Sanitizer) reports indicating out-of-bounds (OOB) writes related to the macb network driver statistics collection.
Specifically, look for kernel logs showing errors such as "KASAN: vmalloc-out-of-bounds in gem_get_ethtool_stats" and related stack traces involving the macb driver.
To detect this on your system, you can use the following commands:
- Check kernel logs for KASAN errors: `dmesg | grep -i kasan`
- Check for ethtool statistics calls that might trigger the bug: `ethtool -S <interface>` (replace `<interface>` with your network interface name)
- Monitor kernel logs for any OOB write or memory corruption messages related to macb or ethtool.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Linux kernel to a version where this vulnerability is fixed.
The fix involves ensuring that the copied size for statistics only considers the active number of queues, preventing out-of-bounds writes.
Until the kernel is updated, avoid running commands or operations that trigger ethtool statistics collection on macb interfaces, as this may cause memory corruption.
Additionally, monitor your system logs for any signs of KASAN errors and consider disabling or limiting the use of affected network interfaces if possible.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.