CVE-2026-46110

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference can occur in the stmmac driver when RX memory is exhausted. The driver uses a shared ring array of DMA descriptors to coordinate between the CPU and MAC. The stmmac rx() and stmmac rx zc() functions process these descriptors by checking the own status flag. However, the driver fails to distinguish between a descriptor that is full (ready for processing) and one that is dirty (buffer is NULL because allocation failed in stmmac rx refill()). When memory starvation occurs and the cur rx index catches up to the dirty rx index, the system may attempt to process a dirty descriptor, leading to a kernel panic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.