Denial of Service Vulnerability in Linux Kernel IPv6 Component
CVE-2026-31415
What is CVE-2026-31415?
A vulnerability in the Linux kernel's IPv6 component can lead to a denial of service. The flaw arises from a mismatch between a 16-bit length accumulator and a pointer to the destination-options header when multiple IPV6_DSTOPTS control messages are processed. Because duplicate IPV6_DSTOPTS messages are not rejected, the length accumulator can overflow, which may cause a kernel panic and crash the system. A user with the appropriate capabilities can exploit this for a local denial of service, especially under specific namespace configurations.
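A simplified userspace model of the accumulator and pointer mismatch described above, added here as an illustration and not taken from the kernel source or its patch. The struct, field and function names and the 2048-byte sample header are assumptions; the checked variant shows duplicate rejection as one way to keep the total and the pointer in step.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
/* Userspace model; every name here is hypothetical, not the kernel's. */
struct opt_state {
    uint16_t flen;          /* 16-bit running total of option-header bytes */
    const uint8_t *dstopt;  /* the single destination-options header kept */
    uint16_t dstopt_len;    /* length of the header dstopt points at */
};
typedef int (*add_fn)(struct opt_state *, const uint8_t *, uint16_t);

/* Flawed pattern: every message grows flen, but dstopt keeps only the last. */
static int add_unchecked(struct opt_state *s, const uint8_t *hdr, uint16_t len)
{
    s->flen = (uint16_t)(s->flen + len);    /* wraps modulo 65536 */
    s->dstopt = hdr;
    s->dstopt_len = len;
    return 0;
}

/* Checked pattern: refuse a duplicate header and any sum that would wrap. */
static int add_checked(struct opt_state *s, const uint8_t *hdr, uint16_t len)
{
    if (s->dstopt)
        return -EINVAL;
    if (len > UINT16_MAX - s->flen)
        return -EOVERFLOW;
    return add_unchecked(s, hdr, len);      /* both preconditions hold */
}

/* Feed n constructed headers of len bytes; return how many were accepted. */
static int feed(add_fn add, struct opt_state *s, const uint8_t *hdr, int n, uint16_t len)
{
    int accepted = 0;
    for (int i = 0; i < n; i++)
        accepted += (add(s, hdr, len) == 0);
    return accepted;
}

int main(void)
{
    static const uint8_t hdr[2048];         /* constructed sample header */
    struct opt_state a = {0}, b = {0};
    int na = feed(add_unchecked, &a, hdr, 32, sizeof hdr);
    int nb = feed(add_checked, &b, hdr, 32, sizeof hdr);
    printf("unchecked: accepted=%d flen=%d header=%d\n", na, a.flen, a.dstopt_len);
    printf("checked:   accepted=%d flen=%d header=%d\n", nb, b.flen, b.dstopt_len);
    return 0;
}
```

In the unchecked run the recorded total stops describing the one header the pointer refers to, and after enough repeats it wraps; the checked run accepts a single header and the two values stay equal.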
Affected Version(s)
Linux 333fad5364d6b457c8d837f7d05802d2aaf8a961 < 0bdaf54d3aaddfe8df29371260fa8d4939b4fd6f
Linux 333fad5364d6b457c8d837f7d05802d2aaf8a961 < 5e4ee5dbea134e9257f205e31a96040bed71e83f
Linux 333fad5364d6b457c8d837f7d05802d2aaf8a961 < 63fda74885555e6bd1623b5d811feec998740ba4