7.5

CVE-2026-31552

EPSS 0.07%
Veröffentlicht 24.04.2026 14:33:19
Zuletzt bearbeitet 27.04.2026 20:15:16
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom

In the Linux kernel, the following vulnerability has been resolved:

wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom

Since upstream commit e75665dd0968 ("wifi: wlcore: ensure skb headroom
before skb_push"), wl1271_tx_allocate() and with it
wl1271_prepare_tx_frame() returns -EAGAIN if pskb_expand_head() fails.
However, in wlcore_tx_work_locked(), a return value of -EAGAIN from
wl1271_prepare_tx_frame() is interpreted as the aggregation buffer being
full. This causes the code to flush the buffer, put the skb back at the
head of the queue, and immediately retry the same skb in a tight while
loop.

Because wlcore_tx_work_locked() holds wl->mutex, and the retry happens
immediately with GFP_ATOMIC, this will result in an infinite loop and a
CPU soft lockup. Return -ENOMEM instead so the packet is dropped and
the loop terminates.

The problem was found by an experimental code review agent based on
gemini-3.1-pro while reviewing backports into v6.18.y.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 15 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.10.250 < 5.10.253

Linux ≫ Linux Kernel Version >= 5.15.200 < 5.15.203

Linux ≫ Linux Kernel Version >= 6.1.163 < 6.1.167

Linux ≫ Linux Kernel Version >= 6.6.124 < 6.6.130

Linux ≫ Linux Kernel Version >= 6.12.70 < 6.12.78

Linux ≫ Linux Kernel Version >= 6.18.10 < 6.18.20

Linux ≫ Linux Kernel Version >= 6.19.1 < 6.19.10

Linux ≫ Linux Kernel Version6.19 Update-

Linux ≫ Linux Kernel Version7.0 Updaterc1

Linux ≫ Linux Kernel Version7.0 Updaterc2

Linux ≫ Linux Kernel Version7.0 Updaterc3

Linux ≫ Linux Kernel Version7.0 Updaterc4

Linux ≫ Linux Kernel Version7.0 Updaterc5

Linux ≫ Linux Kernel Version7.0 Updaterc6

Linux ≫ Linux Kernel Version7.0 Updaterc7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.207

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://git.kernel.org/stable/c/980f793645540ca7a6318165cc12f49d5febeb99

Patch

https://git.kernel.org/stable/c/12f9eef39e49716c763714bfda835a733d5f6dea

Patch

https://git.kernel.org/stable/c/ceb46b40b021d21911ff8608ce4ed33c1264ad2f

Patch

https://git.kernel.org/stable/c/a6dc74209462c4fe5a88718d2f3a5286886081c8

Patch

https://git.kernel.org/stable/c/cfa64e2b3717be1da7c4c1aff7268a009e8c1610

Patch

https://git.kernel.org/stable/c/46c670ff1ff466e5eccb3940f726586473dc053c

Patch

https://git.kernel.org/stable/c/f2c06d718a7b85cbc59ceaa2ff3f46b178ac709c

Patch

https://git.kernel.org/stable/c/deb353d9bb009638b7762cae2d0b6e8fdbb41a69

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-31552

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31552

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31552

EUVD