CVE-2026-31505

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the iavf driver where the iavf get ethtool stats() function incorrectly uses the num active queues variable, while iavf get sset count() and iavf get stat strings() use real num tx queues. This inconsistency can trigger out-of-bounds writes when changing channels and requesting statistics simultaneously, as the value of real num tx queues can change during runtime.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.