PatchSiren cyber security CVE debrief
CVE-2026-31494 Linux CVE debrief
A potential mismatch between the memory reserved for statistics and the amount of memory written in the Linux kernel's macb driver can result in an out-of-bounds write. The issue arises from the gem_get_ethtool_stats function, which indiscriminately copies data using the maximum number of queues, leading to a potential out-of-bounds write when the number of active queues is less than the maximum. This vulnerability has been resolved by making sure the copied size only considers the active number of queues. Users of affected Linux kernel versions should apply patches to mitigate this vulnerability.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-22
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-04-22
- Advisory updated
- 2026-07-14
Who should care
Users of Linux kernel versions 4.16.1 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11, and 7.0 rc1 to rc7 should apply patches to mitigate this vulnerability. Operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability and apply patches or mitigations as necessary.
Technical summary
The Linux kernel's macb driver is vulnerable to an out-of-bounds write due to a mismatch between the memory reserved for statistics and the amount of memory written. The gem_get_ethtool_stats function copies data using the maximum number of queues, which can lead to an out-of-bounds write when the number of active queues is less than the maximum. This issue has been resolved by making sure the copied size only considers the active number of queues.
Defensive priority
High priority should be given to patching Linux kernel versions 4.16.1 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11, and 7.0 rc1 to rc7.
Recommended defensive actions
- Apply patches from Linux kernel stable branches
- Inventory Linux kernel versions for potential exposure
- Monitor for potential out-of-bounds write attempts
- Consider compensating controls for affected systems
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-04-22T14:16:47.293Z and was last modified on 2026-07-14T13:18:43.183Z. The NVD entry is currently Modified. This information is based on the supplied source corpus and has not been independently verified. Defenders should verify the accuracy of this information with official sources.
Official resources
-
CVE-2026-31494 CVE record
CVE.org
-
CVE-2026-31494 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-22T14:16:47.293Z and has not been modified since then. The NVD entry is currently Modified.