PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31494 Linux CVE debrief

A potential mismatch between the memory reserved for statistics and the amount of memory written in the Linux kernel's macb driver can result in an out-of-bounds write. The issue arises from the gem_get_ethtool_stats function, which indiscriminately copies data using the maximum number of queues, leading to a potential out-of-bounds write when the number of active queues is less than the maximum. This vulnerability has been resolved by making sure the copied size only considers the active number of queues. Users of affected Linux kernel versions should apply patches to mitigate this vulnerability.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-22
Original CVE updated
2026-07-14
Advisory published
2026-04-22
Advisory updated
2026-07-14

Who should care

Users of Linux kernel versions 4.16.1 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11, and 7.0 rc1 to rc7 should apply patches to mitigate this vulnerability. Operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability and apply patches or mitigations as necessary.

Technical summary

The Linux kernel's macb driver is vulnerable to an out-of-bounds write due to a mismatch between the memory reserved for statistics and the amount of memory written. The gem_get_ethtool_stats function copies data using the maximum number of queues, which can lead to an out-of-bounds write when the number of active queues is less than the maximum. This issue has been resolved by making sure the copied size only considers the active number of queues.

Defensive priority

High priority should be given to patching Linux kernel versions 4.16.1 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11, and 7.0 rc1 to rc7.

Recommended defensive actions

  • Apply patches from Linux kernel stable branches
  • Inventory Linux kernel versions for potential exposure
  • Monitor for potential out-of-bounds write attempts
  • Consider compensating controls for affected systems
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-04-22T14:16:47.293Z and was last modified on 2026-07-14T13:18:43.183Z. The NVD entry is currently Modified. This information is based on the supplied source corpus and has not been independently verified. Defenders should verify the accuracy of this information with official sources.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-22T14:16:47.293Z and has not been modified since then. The NVD entry is currently Modified.