AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-31552: In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if

infovulnerability

security

Source: NVD/CVE DatabaseApril 24, 2026CVE-2026-31552

Summary

A bug in the Linux kernel's WiFi driver (wlcore) causes an infinite loop and system freeze when memory allocation fails during packet transmission. The driver incorrectly returns -EAGAIN (a 'try again' error code) instead of -ENOMEM (an 'out of memory' error code) when there isn't enough buffer space, which tricks the system into repeatedly retrying the same packet in a tight loop while holding a lock (mutex, a mechanism that prevents multiple parts of code from running simultaneously).

Solution / Mitigation

Return -ENOMEM instead of -EAGAIN when pskb_expand_head() fails in wl1271_tx_allocate() and wl1271_prepare_tx_frame() functions, so the packet is dropped and the loop terminates properly.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

April 24, 2026

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-31552

First tracked: April 24, 2026 at 02:06 PM

Classified by LLM (prompt v3) · confidence: 95%