Linux Kernel Vulnerability in Bridge MRP that Can Cause System Memory Exhaustion
CVE-2026-31420
What is CVE-2026-31420?
A vulnerability exists in the Linux kernel's bridge module, specifically in the MRP (Multiple Registration Protocol) implementation. The flaw arises when user-supplied interval values are accepted without appropriate validation, allowing an interval of zero to be provided. This leads to excessive allocation and transmission of MRP test frames, overwhelming system memory and triggering an out-of-memory (OOM) condition, which can result in a kernel panic. The proper mitigation involves using stricter validation rules within the netlink attribute parsing to reject zero intervals, preventing the system from entering a destructive loop that jeopardizes stability.
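The validation gap described above, as an added user-space example (not the kernel's code or the upstream patch): a simplified netlink-style attribute parser run under a weak policy that checks only type and size, and under a strict policy that also sets a minimum of 1 for the interval. The attribute ids, struct names and function names are hypothetical and chosen for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Simplified netlink-style attribute header: len covers header + payload. */
struct attr_hdr { uint16_t len; uint16_t type; };
/* Hypothetical attribute ids; every attribute carries a u32 payload. */
enum { ATTR_RING_ID = 1, ATTR_TEST_INTERVAL = 2, ATTR_MAX = 2 };
/* Policy: minimum accepted value per attribute type (index = type). */
struct u32_policy { uint32_t min; };
const struct u32_policy weak_policy[ATTR_MAX + 1]   = { {0}, {0}, {0} }; /* 0 passes */
const struct u32_policy strict_policy[ATTR_MAX + 1] = { {0}, {0}, {1} }; /* interval >= 1 */

/* Append one u32 attribute to buf (constructed sample input); returns bytes written. */
size_t put_u32(uint8_t *buf, uint16_t type, uint32_t v)
{
    struct attr_hdr h = { (uint16_t)(sizeof(h) + sizeof(v)), type };
    memcpy(buf, &h, sizeof(h));
    memcpy(buf + sizeof(h), &v, sizeof(v));
    return sizeof(h) + sizeof(v);
}

/* Validate every attribute against pol before any value is used.
 * Returns 0 and sets *interval, or a negative errno (*interval untouched). */
int parse_start_test(const uint8_t *buf, size_t n,
                     const struct u32_policy *pol, uint32_t *interval)
{
    uint32_t v, found = 0;
    int seen = 0;
    while (n > 0) {
        struct attr_hdr h;
        if (n < sizeof(h))
            return -EINVAL;   /* truncated header */
        memcpy(&h, buf, sizeof(h));
        if (h.len != sizeof(h) + sizeof(v) || h.len > n ||
            h.type == 0 || h.type > ATTR_MAX)
            return -EINVAL;   /* malformed or unknown attribute */
        memcpy(&v, buf + sizeof(h), sizeof(v));
        if (v < pol[h.type].min)
            return -ERANGE;   /* interval == 0 is rejected by strict_policy */
        if (h.type == ATTR_TEST_INTERVAL) { found = v; seen = 1; }
        buf += h.len;
        n -= h.len;
    }
    if (!seen)
        return -EINVAL;       /* interval attribute is mandatory here */
    *interval = found;
    return 0;
}
```

Rejecting the value at the parsing boundary means a zero interval never reaches the code that schedules test-frame transmission.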
Affected Version(s)
Linux 20f6a05ef63594feb0c6dfbd629da0448b43124d
Linux 5.8