CVE-2026-31737
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, the ftgmac100 driver had a memory leak vulnerability during ring allocation on network interface open failure. The ftgmac100_alloc_rings() function did not free previously allocated resources (rx_skbs, tx_skbs, rxdes, txdes, rx_scratch) on error, causing memory leaks.
Risk Assessment
The risk is potential kernel memory exhaustion from repeated failed interface open attempts, leading to a denial of service (DoS) on the system.
Recommendation
Immediately update the Linux kernel to a version containing the fix that properly releases resources on allocation failures.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix ring allocation unwind on open failure ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch in stages. On intermediate failures it returned -ENOMEM directly, leaking resources allocated earlier in the function. Rework the failure path to use staged local unwind labels and free allocated resources in reverse order before returning -ENOMEM. This matches common netdev allocation cleanup style.

