CVE-2026-31670
MEDIUMnet: rfkill: prevent unlimited numbers of rfkill events from being created
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causing a potential out of memory situation. Prevent this from bounding the number of pending rfkill events at a "large" number (i.e. 1000) to prevent abuses like this.
References (10)
Core 10
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-019113.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
2.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (36)
linux/Kernel
2.6.31 - 5.10.253linux
linux/Kernel
5.11.0 - 5.15.203linux
linux/Kernel
5.16.0 - 6.1.169linux
linux/Kernel
6.13.0 - 6.18.23linux
linux/Kernel
6.19.0 - 6.19.13linux
linux/Kernel
6.2.0 - 6.6.135linux
linux/Kernel
6.7.0 - 6.12.82linux
Linux/Linux
< 2.6.31
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 673d2a3eef6e0ee9736501a150c9e4024a4e60a6
... and 26 more
Published
Apr 24, 2026
Tracked Since
Apr 24, 2026