CVE-2026-45940 | net: stmmac: fix oops when split header is enabled

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix oops when split header is enabled For GMAC4, when split header is enabled, in some rare cases, the hardware does not fill buf2 of the first descriptor with payload. Thus we cannot assume buf2 is always fully filled if it is not the last descriptor. Otherwise, the length of buf2 of the second descriptor will be calculated wrong and cause an oops: Unable to handle kernel paging request at virtual address ffff00019246bfc0 ... x2 : 0000000000000040 x1 : ffff00019246bfc0 x0 : ffff00009246c000 Call trace: dcache_inval_poc+0x28/0x58 (P) dma_direct_sync_single_for_cpu+0x38/0x6c __dma_sync_single_for_cpu+0x34/0x6c stmmac_napi_poll_rx+0x8f0/0xb60 __napi_poll.constprop.0+0x30/0x144 net_rx_action+0x160/0x274 handle_softirqs+0x1b8/0x1fc ... To fix this, the PL bit-field in RDES3 register is used for all descriptors, whether it is the last descriptor or not.

Published: 2026-05-27 Last update: 2026-05-27 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Awaiting Analysis，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2026-45940 is rated Low Risk (4.3/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-45940

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-28	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-45940

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2026-45940

GitHub Security Advisory for CVE-2026-45940

GHSA-fr2g-jcmh-j266 · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix oops when...

OS Trackers for CVE-2026-45940

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-45940 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 3, resolved 2.	https://security-tracker.debian.org/tracker/CVE-2026-45940
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2026-45940
`suse`	—	—	https://www.suse.com/security/cve/CVE-2026-45940/
`ubuntu`	medium	CVE-2026-45940 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1422 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1024, ignored 169, needed 111, released 84, not-affected 33, needs-triage 1.	https://ubuntu.com/security/CVE-2026-45940

Affected software / configurations for CVE-2026-45940

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2026-45940

URL	Tags
https://git.kernel.org/stable/c/36f81cb7d82e9614a7058da6abdf2e3a03993df1
https://git.kernel.org/stable/c/b1f23df09e7dbf4c86b6908dff7efb8cb2b7d609
https://git.kernel.org/stable/c/babab1b42ed68877ef669a08384becf281ad2582

cvelogic Threat Intelligence