CVE-2026-43031
Buffer Overflow in Xilinx AXI Ethernet Driver
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xilinx | axienet | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's Xilinx axienet network driver, in how it handles transmit (TX) packets that span multiple buffer descriptors (scatter-gather). The function axienet_free_tx_chain sums the length of each buffer descriptor's data as descriptors complete. Because the sum is reset on each NAPI poll and a packet can complete across multiple polls, some bytes are never credited to the Byte Queue Limits (BQL) accounting. BQL then believes those bytes are still in flight indefinitely, which eventually stalls the transmit queue.
The fix uses skb->len (the socket buffer length) at the last buffer descriptor of a packet instead of summing the lengths from each descriptor. This matches how netdev_sent_queue() debits bytes and keeps the accounting accurate across polls, preventing the TX queue from stalling.
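The accounting gap described above can be reproduced in a small user-space model. This is an added example, not code from the axienet driver: the struct and function names are hypothetical, and it assumes a poll credits bytes to BQL only when at least one packet finished in that poll.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model; all names are hypothetical, not the driver's. */
struct bd { unsigned len; unsigned skb_len; };   /* skb_len set only on a packet's last BD */
struct bql { unsigned queued, completed; };

/* One NAPI-style cleanup pass over n hardware-completed descriptors.
 * use_skb_len == 0: per-BD lengths summed in a per-poll local (old scheme).
 * use_skb_len == 1: skb->len credited at the packet's last BD (fixed scheme).
 * Assumption: bytes are credited only if a packet completed in this poll. */
static void tx_poll(const struct bd *ring, size_t *ci, size_t n,
                    int use_skb_len, struct bql *q)
{
    unsigned size = 0, packets = 0;              /* reset on every poll */
    for (size_t i = 0; i < n; i++, (*ci)++) {
        const struct bd *b = &ring[*ci];
        if (b->skb_len)
            packets++;                           /* last BD of a packet */
        size += use_skb_len ? b->skb_len : b->len;
    }
    if (packets)
        q->completed += size;
}

/* Sends `rounds` 3000-byte packets, each split over three BDs (constructed
 * sample data), and completes each across two polls (2 BDs, then 1 BD).
 * Returns the bytes BQL still considers in flight afterwards. */
static unsigned stuck_bytes(int use_skb_len, unsigned rounds)
{
    const struct bd ring[3] = { {1000, 0}, {1000, 0}, {1000, 3000} };
    struct bql q = { 0, 0 };
    for (unsigned r = 0; r < rounds; r++) {
        size_t ci = 0;
        q.queued += 3000;                        /* debit of skb->len at send time */
        tx_poll(ring, &ci, 2, use_skb_len, &q);  /* packet not finished yet */
        tx_poll(ring, &ci, 1, use_skb_len, &q);  /* last BD completes */
    }
    return q.queued - q.completed;
}

int main(void)
{
    printf("per-BD sum: %u bytes stuck\n", stuck_bytes(0, 4));
    printf("skb->len:   %u bytes stuck\n", stuck_bytes(1, 4));
    return 0;
}
```

In the model, every packet that straddles two polls leaves the bytes from the first poll uncredited, so the in-flight count grows with traffic until the queue limit is reached.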
How can this vulnerability impact me?
This vulnerability can stall the transmit (TX) queue in the network driver, because the Byte Queue Limits (BQL) accounting believes that some bytes are still in transmission when they are not. As a result, network transmission performance may degrade or halt, leading to network communication issues or reduced throughput on affected systems using the Xilinx axienet driver.