Description
In the Linux kernel, the following vulnerability has been resolved:

net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()

When dma_map_single() fails in tse_start_xmit(), the function returns
NETDEV_TX_OK without freeing the skb. Since NETDEV_TX_OK tells the
stack the packet was consumed, the skb is never freed, leaking memory
on every DMA mapping failure.

Add dev_kfree_skb_any() before returning to properly free the skb.
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Leak (kernel memory exhaustion potential)
Action: Update Kernel
AI Analysis

Impact

The flaw is in the Altera TSE networking driver for Linux. When a DMA mapping request fails inside tse_start_xmit(), the driver erroneously returns NETDEV_TX_OK and leaves the socket buffer (skb) allocated. The kernel’s networking stack then assumes the packet was successfully transmitted and never frees the skb, creating a memory leak. This weakness is a CWE-401 Unreleased Resource and also fits CWE-772 Unreleased Resource due to failure of proper cleanup. The result is incremental kernel memory consumption that can culminate in exhaustion, degraded performance, or a denial‑of‑service condition. The vulnerability does not grant code execution or privilege escalation.

Affected Systems

The issue occurs in all Linux kernel releases from version 3.15 onward, including every 7.0 release candidate (rc1 through rc7). It specifically targets the "net: altera‑tse" driver that comes built into the kernel or is loaded as a module for devices using Altera TSE network hardware.

Risk and Exploitability

The CVSS base score of 5.5 reflects moderate severity, while an EPSS score of less than 1% indicates a very low likelihood of exploitation. Attackers would need to supply network traffic that repeatedly triggers DMA mapping failures to exploit the memory leak. The attack vector is inferred from the normal operation of the driver; it is not explicitly stated in the description.

Generated by OpenCVE AI on April 28, 2026 at 13:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the Altera TSE driver fix, such as applying the latest stable release or a backported patch containing commit 2eb9d677.
  • If a kernel upgrade is not immediately possible, manually apply the provided patch to the driver source (insert dev_kfree_skb_any() before returning on DMA mapping failure) or rebuild the module with the corrected code.
  • After installing the patch or new kernel, monitor kernel memory usage during typical network operation to confirm that skb leaks no longer occur and that memory consumption remains stable.

Generated by OpenCVE AI on April 28, 2026 at 13:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DLA Debian DLA DLA-4606-1 linux security update
Debian DSA Debian DSA DSA-6238-1 linux security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Mon, 27 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:3.15:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() When dma_map_single() fails in tse_start_xmit(), the function returns NETDEV_TX_OK without freeing the skb. Since NETDEV_TX_OK tells the stack the packet was consumed, the skb is never freed, leaking memory on every DMA mapping failure. Add dev_kfree_skb_any() before returning to properly free the skb.
Title net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:13:05.042Z

Reserved: 2026-03-09T15:48:24.129Z

Link: CVE-2026-31658

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T15:16:45.337

Modified: 2026-04-27T20:17:08.833

Link: CVE-2026-31658

cve-icon Redhat

Severity :

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31658 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T14:00:16Z

Weaknesses