Description
In the Linux kernel, the following vulnerability has been resolved:

net: ftgmac100: fix ring allocation unwind on open failure

ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and
rx_scratch in stages. On intermediate failures it returned -ENOMEM
directly, leaking resources allocated earlier in the function.

Rework the failure path to use staged local unwind labels and free
allocated resources in reverse order before returning -ENOMEM. This
matches common netdev allocation cleanup style.
Published: 2026-05-01
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel's ftgmac100 network driver, the ring allocation routine could leak memory when opening the device fails. The driver allocates several resources (rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch) in stages. On intermediate failures, the function returned -ENOMEM without freeing previously allocated memory, leading to a resource leak (CWE-401). This leak can grow with repeated failures, potentially exhausting kernel memory and causing a denial of service.
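The leak pattern and the staged-unwind fix described above, as an added C example that is not the kernel's code. Only the five resource names come from the advisory; the allocator wrappers, sizes, failure-injection counter and function names are assumptions.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed stand-in for the driver's ring state; sizes are arbitrary. */
struct rings { void *rx_skbs, *tx_skbs, *rxdes, *txdes, *rx_scratch; };
static int live, calls, fail_at; /* outstanding allocs, call count, failing call */

static void *xalloc(size_t n)
{
    if (++calls == fail_at) return NULL;  /* injected allocation failure */
    void *p = calloc(1, n);
    if (p) live++;
    return p;
}
static void xfree(void *p) { if (p) { free(p); live--; } }

/* Pre-fix shape: every failure returns -ENOMEM directly, dropping earlier stages. */
int alloc_rings_leaky(struct rings *r)
{
    if (!(r->rx_skbs = xalloc(64)))    return -ENOMEM;
    if (!(r->tx_skbs = xalloc(64)))    return -ENOMEM;
    if (!(r->rxdes = xalloc(256)))     return -ENOMEM;
    if (!(r->txdes = xalloc(256)))     return -ENOMEM;
    if (!(r->rx_scratch = xalloc(32))) return -ENOMEM;
    return 0;
}

/* Post-fix shape: staged labels fall through, freeing in reverse order. */
int alloc_rings_unwind(struct rings *r)
{
    if (!(r->rx_skbs = xalloc(64)))    return -ENOMEM;  /* nothing to undo yet */
    if (!(r->tx_skbs = xalloc(64)))    goto err_free_rx_skbs;
    if (!(r->rxdes = xalloc(256)))     goto err_free_tx_skbs;
    if (!(r->txdes = xalloc(256)))     goto err_free_rxdes;
    if (!(r->rx_scratch = xalloc(32))) goto err_free_txdes;
    return 0;
err_free_txdes:   xfree(r->txdes);
err_free_rxdes:   xfree(r->rxdes);
err_free_tx_skbs: xfree(r->tx_skbs);
err_free_rx_skbs: xfree(r->rx_skbs);
    return -ENOMEM;
}

/* Allocations still outstanding after a failed open at `stage` (1..5); -1 if no failure. */
int leaked_after_failure(int (*fn)(struct rings *), int stage)
{
    struct rings r = {0};
    live = calls = 0; fail_at = stage;
    return fn(&r) == -ENOMEM ? live : -1;
}
```

Each failed open through the leaky variant strands one allocation per completed stage, which is why repeated failures accumulate; the unwind variant leaves nothing outstanding at any stage.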

Affected Systems

The vulnerability affects the ftgmac100 driver in the Linux kernel, which is used in devices that provide an Ethernet interface via the FTGMAC100 hardware. Any system running a kernel version that contains the unpatched ftgmac100 implementation, regardless of vendor, is potentially impacted. The precise version range is not specified, but the fault was addressed in a commit that updates the kernel source.

Risk and Exploitability

The CVSS score is not provided and the EPSS score is unavailable, so an exact severity rating cannot be given. However, the criticality stems from the possibility of gradual memory exhaustion if an attacker can repeatedly trigger the faulty open path. Since the flaw is in the kernel driver, local or privileged users who can force the device to open or unload the driver have the most direct means to exploit it. Because the issue is a resource leak rather than an immediate privilege escalation or code execution, the risk is more about availability than confidentiality or integrity. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploits yet.

Generated by OpenCVE AI on May 2, 2026 at 07:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the commit fixing the ftgmac100 ring allocation unwind logic; the relevant commit hashes are listed in the advisory links.
  • If a kernel upgrade cannot be performed immediately, disable or isolate the ftgmac100 network interface so that the open path that triggers the allocation is not exercised.
  • Monitor kernel memory usage on systems that use the ftgmac100 driver, watching for abnormal growth in memory consumed by network drivers, and consider applying memory limits or constraints.



Advisories
| Source | ID | Title |
|---|---|---|
| Debian DLA | DLA-4561-1 | linux-6.1 security update |
| Debian DSA | DSA-6243-1 | linux security update |
History

Sat, 02 May 2026 08:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-401 |

Sat, 02 May 2026 00:15:00 +0000


Fri, 01 May 2026 14:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix ring allocation unwind on open failure ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch in stages. On intermediate failures it returned -ENOMEM directly, leaking resources allocated earlier in the function. Rework the failure path to use staged local unwind labels and free allocated resources in reverse order before returning -ENOMEM. This matches common netdev allocation cleanup style. |
| Title | | net: ftgmac100: fix ring allocation unwind on open failure |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:14:34.229Z

Reserved: 2026-03-09T15:48:24.137Z

Link: CVE-2026-31737

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:36.347

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31737

Redhat

Severity :

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31737 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T07:45:37Z

Weaknesses