CVE-2026-31670

MEDIUM

net: rfkill: prevent unlimited numbers of rfkill events from being created

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causing a potential out of memory situation. Prevent this from bounding the number of pending rfkill events at a "large" number (i.e. 1000) to prevent abuses like this.

Scores

CVSS v3 5.5
EPSS 0.0012
EPSS Percentile 2.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (36)
linux/Kernel 2.6.31 - 5.10.253linux
linux/Kernel 5.11.0 - 5.15.203linux
linux/Kernel 5.16.0 - 6.1.169linux
linux/Kernel 6.13.0 - 6.18.23linux
linux/Kernel 6.19.0 - 6.19.13linux
linux/Kernel 6.2.0 - 6.6.135linux
linux/Kernel 6.7.0 - 6.12.82linux
Linux/Linux < 2.6.31
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 673d2a3eef6e0ee9736501a150c9e4024a4e60a6
... and 26 more
Published Apr 24, 2026
Tracked Since Apr 24, 2026