net: mvpp2: refill RX buffers before XDP or skb use

Summary

CVE	CVE-2026-53215
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-06-25 09:16:39 UTC
Updated	2026-06-25 09:16:39 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2_rx_refill() can fail after the current buffer has been handed to XDP or attached to an skb. In those cases mvpp2_run_xdp() may have recycled, redirected, or queued the page for XDP_TX, and an skb free also retires the data buffer. Returning such a buffer to BM lets hardware DMA into memory that is no longer owned by the RX ring. Refill the BM pool before handing the current buffer to XDP or to the skb. If the allocation fails there, drop the packet and return the still-owned current buffer to BM, preserving the pool depth. Once the refill succeeds, later local drops retire/free the current buffer instead of returning it to BM.

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 07dd0a7aae7f72af7cec18909581c2bb570edddc a88b3293b556f4d8fba11db9a8061a6b0d3b69e6 git	Not specified
CNA	Linux	Linux	affected 07dd0a7aae7f72af7cec18909581c2bb570edddc a03cdcedb2cbcc42551dc3e4746929e93c5352d5 git	Not specified
CNA	Linux	Linux	affected 07dd0a7aae7f72af7cec18909581c2bb570edddc 580f92f27cb8724bcc4be98ee89890eab524a2ae git	Not specified
CNA	Linux	Linux	affected 07dd0a7aae7f72af7cec18909581c2bb570edddc d0c8c4fbd22d260fe28530260656c5fb3c20ce84 git	Not specified
CNA	Linux	Linux	affected 07dd0a7aae7f72af7cec18909581c2bb570edddc 8a2126c5afe89f8ceeb60a3afb9f075b736194cd git	Not specified
CNA	Linux	Linux	affected 07dd0a7aae7f72af7cec18909581c2bb570edddc 02e1b5c4d3b4c658b72c145427cded1bba613fc1 git	Not specified
CNA	Linux	Linux	affected 07dd0a7aae7f72af7cec18909581c2bb570edddc 5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6 git	Not specified
CNA	Linux	Linux	affected 95a936364f2685e9e040c6b179b553604d96de22 git	Not specified
CNA	Linux	Linux	affected fba2cf348d9eb50b2049a73cc09313dab6d293f1 git	Not specified
CNA	Linux	Linux	affected 5.7.15 5.8 semver	Not specified
CNA	Linux	Linux	affected 5.8.2 5.9 semver	Not specified
CNA	Linux	Linux	affected 5.9	Not specified
CNA	Linux	Linux	unaffected 5.9 semver	Not specified
CNA	Linux	Linux	unaffected 5.15.210 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.176 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.143 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.94 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.36 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0.13 7.0.* semver	Not specified
CNA	Linux	Linux	unaffected 7.1 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/8a2126c5afe89f8ceeb60a3afb9f075b736194cd	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/a88b3293b556f4d8fba11db9a8061a6b0d3b69e6	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/a03cdcedb2cbcc42551dc3e4746929e93c5352d5	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/d0c8c4fbd22d260fe28530260656c5fb3c20ce84	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/02e1b5c4d3b4c658b72c145427cded1bba613fc1	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/580f92f27cb8724bcc4be98ee89890eab524a2ae	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.