Quanyang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A problem in the macb driver occurs when transmit is disabled, as the transmit buffer queue pointer resets to the address specified by the transmit buffer queue base address register. The current implementation only resets `queue->tx head` and `queue->tx tail` to '0', which leads to several issues: packets already queued in the tx ring are silently lost causing memory leaks, concurrent write access to `queue->tx head` and `queue->tx tail` may occur from `macb tx poll()` or `macb start xmit()`, and transmission may become stuck on a packet that has been sent but not processed. This happens because `macb tx poll()` incorrectly assumes no packets need handling when `queue->tx head` equals `queue->tx tail`. **Recommendations** Shuffle the tx ring and tx skb array to position the first unsent packet at the start of the tx ring and ensure updates to `queue->tx head` and `queue->tx tail` are protected with the appropriate lock.