CVE-2026-31661— wifi: brcmsmac: Fix dma_free_coherent() size

AI Predicted 5.5 Difficulty: Trivial EPSS 0.01% · P3 Updated May 15, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 18

Vendor	Product	Version Range	Status
Linux	Linux	`5b435de0d786869c95d1962121af0d7df2542009< f449676bab54fea1440775c8c915dadb323fe015`	affected
		`5b435de0d786869c95d1962121af0d7df2542009< 3c204a0fd079fa7a867151a47d830ad1c2db5177`	affected
		`5b435de0d786869c95d1962121af0d7df2542009< 0f87777b74bcce29b966ec42d9aa8f9edd9b1667`	affected
		`5b435de0d786869c95d1962121af0d7df2542009< 4bf41c2731a0549e21f66180ff780b1e036639ab`	affected
		`5b435de0d786869c95d1962121af0d7df2542009< 77263f053963dea9f3962505ac0c768853d7dc59`	affected
		`5b435de0d786869c95d1962121af0d7df2542009< b27fa888e4a426a3bcf6f6ab24701d888d9bf5aa`	affected
		`5b435de0d786869c95d1962121af0d7df2542009< 01f1330d3d1bee07e0c42d40cc48b7be8b6dad84`	affected
		`5b435de0d786869c95d1962121af0d7df2542009< 12cd7632757a54ce586e36040210b1a738a0fc53`	affected
… +10 more rows

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-31661

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

wifi: brcmsmac: Fix dma_free_coherent() size

Source: NVD (National Vulnerability Database)

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_coherent() size dma_alloc_consistent() may change the size to align it. The new size is saved in alloced. Change the free size to match the allocation size.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于brcmsmac驱动中dma_free_coherent大小不匹配，可能导致内存损坏。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Linux	Linux	5b435de0d786869c95d1962121af0d7df2542009 ~ f449676bab54fea1440775c8c915dadb323fe015	-
Linux	Linux	3.2	-

II. Public POCs for CVE-2026-31661

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-31661

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2026-31661

Same Patch Batch · Linux · 2026-04-24 · 138 CVEs total

CVE-2026-31609	9.8 CRITICAL	smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
CVE-2026-31608	9.8 CRITICAL	smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list
CVE-2026-31607	9.8 CRITICAL	usbip: validate number_of_packets in usbip_pack_ret_submit()
CVE-2026-31633	9.8 CRITICAL	rxrpc: Fix integer overflow in rxgk_verify_response()
CVE-2026-31669	9.8 CRITICAL	mptcp: fix slab-use-after-free in __inet_lookup_established
CVE-2026-31668	9.8 CRITICAL	seg6: separate dst_cache for input and output paths in seg6 lwtunnel
CVE-2026-31536	9.8 CRITICAL	smb: server: let send_done handle a completion without IB_SEND_SIGNALED
CVE-2026-31657	9.8 CRITICAL	batman-adv: hold claim backbone gateways by reference
CVE-2026-31637	9.8 CRITICAL	rxrpc: reject undecryptable rxkad response tickets
CVE-2026-31589	9.8 CRITICAL	mm: call ->free_folio() directly in folio_unmap_invalidate()
CVE-2026-31649	9.8 CRITICAL	net: stmmac: fix integer underflow in chain mode
CVE-2026-31659	9.8 CRITICAL	batman-adv: reject oversized global TT response buffers
CVE-2026-31636	9.1 CRITICAL	rxrpc: fix RESPONSE authenticator parser OOB read
CVE-2026-31622	8.8 HIGH	NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
CVE-2026-31558	8.8 HIGH	LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust
CVE-2026-31553	8.8 HIGH	KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc()
CVE-2026-31588	8.8 HIGH	KVM: x86: Use scratch field in MMIO fragment to hold small write values
CVE-2026-31570	8.8 HIGH	can: gw: fix OOB heap access in cgw_csum_crc8_rel()
CVE-2026-31629	8.8 HIGH	nfc: llcp: add missing return after LLCP_CLOSED checks
CVE-2026-31611	8.6 HIGH	ksmbd: require 3 sub-authorities before reading sub_auth[2]

Showing top 20 of 138 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2026-31661

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-31661— wifi: brcmsmac: Fix dma_free_coherent() size

Possible ATT&CK Techniques 1AI

Affected Version Matrix 18

I. Basic Information for CVE-2026-31661

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-31661

III. Intelligence Information for CVE-2026-31661

Same Patch Batch · Linux · 2026-04-24 · 138 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-31661

Leave a comment