HOMEVULNERABILITIESCVE-2026-31691
NONE

CVE-2026-31691

Published: April 27, 2026· Updated: Apr 27, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

igb: remove napi_synchronize() in igb_down()

When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9),

the XSK buffer pool is destroyed but NAPI polling continues.

igb_clean_rx_irq_zc() repeatedly returns the full budget, preventing

napi_complete_done() from clearing NAPI_STATE_SCHED.

igb_down() calls napi_synchronize() before napi_disable() for each queue

vector. napi_synchronize() spins waiting for NAPI_STATE_SCHED to clear,

which never happens. igb_down() blocks indefinitely, the TX watchdog

fires, and the TX queue remains permanently stalled.

napi_disable() already handles this correctly: it sets NAPI_STATE_DISABLE.

After a full-budget poll, __napi_poll() checks napi_disable_pending(). If

set, it forces completion and clears NAPI_STATE_SCHED, breaking the loop

that napi_synchronize() cannot.

napi_synchronize() was added in commit 41f149a285da ("igb: Fix possible

panic caused by Rx traffic arrival while interface is down").

napi_disable() provides stronger guarantees: it prevents further

scheduling and waits for any active poll to exit.

Other Intel drivers (ixgbe, ice, i40e) use napi_disable() without a

preceding napi_synchronize() in their down paths.

Remove redundant napi_synchronize() call and reorder napi_disable()

before igb_set_queue_napi() so the queue-to-NAPI mapping is only

cleared after polling has fully stopped.

NVD Source

Technical Analysis

CVE-2026-31691 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-31691
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedApr 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31691 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.