CVE-2026-31631

HIGH

rxrpc: Fix buffer overread in rxgk_do_verify_authenticator()

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() Fix rxgk_do_verify_authenticator() to check the buffer size before checking the nonce.

References (3)

https://git.kernel.org/stable/c/794586789800b16dcbe235452494f4223ac80413

https://git.kernel.org/stable/c/1c4422d8be81718ecb15d79aedff607323085201

https://git.kernel.org/stable/c/f564af387c8c28238f8ebc13314c589d7ba8475d

Scores

CVSS v3 8.2

EPSS 0.0005

EPSS Percentile 15.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Details

CWE

CWE-787

Status published

Products (11)

Linux/Linux < 6.16

Linux/Linux 6.16

Linux/Linux 6.18.23 - 6.18.*

Linux/Linux 6.19.13 - 6.19.*

Linux/Linux 7.0

Linux/Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a - 1c4422d8be81718ecb15d79aedff607323085201

Linux/Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a - 794586789800b16dcbe235452494f4223ac80413

Linux/Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a - f564af387c8c28238f8ebc13314c589d7ba8475d

linux/linux_kernel 6.16

linux/linux_kernel 7.0 rc1 (7 CPE variants)

... and 1 more

Published Apr 24, 2026

Tracked Since Apr 24, 2026