{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: wifi: brcmsmac: Fix dma_free_coherent() size",
    "id" : "2461488",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461488"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-763",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: brcmsmac: Fix dma_free_coherent() size\ndma_alloc_consistent() may change the size to align it. The new size is\nsaved in alloced.\nChange the free size to match the allocation size.", "A flaw was found in the Linux kernel's brcmsmac Wi-Fi driver. This vulnerability arises from an incorrect size used during memory deallocation (dma_free_coherent) that does not match the size allocated (dma_alloc_consistent), which may be adjusted for alignment. An attacker could potentially exploit this memory mismatch, leading to memory corruption. This could result in a denial of service or other unpredictable system behavior." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31661\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31661\nhttps://lore.kernel.org/linux-cve-announce/2026042404-CVE-2026-31661-16ae@gregkh/T" ],
  "name" : "CVE-2026-31661",
  "csaw" : false
}