CVE-2026-46031 Linux CVE debrief

Who should care

Linux system administrators running kernels with KS8851 Ethernet hardware, particularly those using CONFIG_PREEMPT_RT real-time kernels. Embedded systems developers utilizing KS8851 chips for network connectivity. Kernel maintainers responsible for stable branch backports.

Technical summary

The KS8851 Ethernet driver in the Linux kernel contains a deadlock condition triggered by improper bottom-half (BH) handling during IRQ processing. The vulnerability manifests when: (1) ks8851_irq() executes and holds the ks->statelock spinlock; (2) TX packet transmission via netif_wake_queue() schedules TX softirq; (3) RX packet processing calls netdev_alloc_skb_ip_align() which invokes local_bh_enable(); (4) the enabled BH triggers net_tx_action() softirq, which calls ks8851_start_xmit_par(); (5) ks8851_start_xmit_par() attempts to acquire ks->statelock, already held by ks8851_irq(). This creates a recursive lock acquisition deadlock. The fix disables BH around critical sections in the IRQ handler using local_bh_disable()/local_bh_enable(), ensuring softirq processing occurs only after all IRQ handler actions complete and locks are released.

Defensive priority

high

Recommended defensive actions

• Apply kernel patches from stable branches: 21f1707a8e978558dcb11b053855521e32ac0eec, 518040324067d8efaa2da1992297b7e7bf5640f4, 5c9fcac3c872224316714d0d8914d9af16c76a6d, 640a7631d31db87d5fa1b34cea44a99b6e78854b, be8aad558
• Monitor kernel logs for deadlock traces involving ks8851_start_xmit_par and ks8851_irq
• If running CONFIG_PREEMPT_RT kernels with KS8851 hardware, prioritize patching due to increased deadlock risk
• Consider disabling KS8851 driver if hardware is not required and patching is not immediately feasible

Evidence notes

Vulnerability description and fix details sourced from official CVE record and NVD entry. Kernel commit references provided in source metadata confirm patch availability across stable branches.

Official resources