Buffer Overread Vulnerability in Linux Kernel Affecting Multiple Distributions
CVE-2026-31631

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 24 April 2026

What is CVE-2026-31631?

A buffer overread vulnerability exists in the Linux kernel's rxrpc module, in the rxgk_do_verify_authenticator function. The function does not adequately check buffer sizes before verifying nonces, which can lead to unauthenticated access and potential disclosure of sensitive information. Remedial measures have been implemented to ensure proper validation of buffer sizes in affected versions.
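The bug class described above, shown as an added user-space C example (not the kernel's code and not the upstream patch): a nonce comparison that ignores the buffer length, next to a version that checks the length before every read. The 20-byte nonce size, the trailing 32-bit field, and all ex_* names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_NONCE_LEN 20 /* assumed nonce size, for this example only */
enum { EX_OK = 0, EX_SHORT = -1, EX_MISMATCH = -2 };
struct ex_cursor { const uint8_t *p; size_t left; };

/* Hand out n bytes only if the buffer still holds them. */
static const uint8_t *ex_take(struct ex_cursor *c, size_t n)
{
    const uint8_t *q = c->p;
    if (c->left < n)
        return NULL;
    c->p += n;
    c->left -= n;
    return q;
}

/* Before-fix pattern: len is never consulted, so a short buffer is overread. */
static int ex_verify_unchecked(const uint8_t *buf, size_t len, const uint8_t *nonce)
{
    (void)len;
    return memcmp(buf, nonce, EX_NONCE_LEN) ? EX_MISMATCH : EX_OK;
}

/* Hardened: every read goes through ex_take(); field is a hypothetical trailer. */
static int ex_verify_checked(const uint8_t *buf, size_t len,
                             const uint8_t *nonce, uint32_t *field)
{
    struct ex_cursor c = { buf, len };
    const uint8_t *n = ex_take(&c, EX_NONCE_LEN);
    const uint8_t *f = n ? ex_take(&c, 4) : NULL;
    if (!n || !f)
        return EX_SHORT;            /* reject before touching the bytes */
    if (memcmp(n, nonce, EX_NONCE_LEN))
        return EX_MISMATCH;
    *field = (uint32_t)f[0] << 24 | (uint32_t)f[1] << 16 | (uint32_t)f[2] << 8 | f[3];
    return EX_OK;
}

int main(void)
{
    uint8_t nonce[EX_NONCE_LEN] = { 0 }, msg[8] = { 0 };   /* constructed short input */
    uint32_t field = 0;
    printf("checked, 8-byte input: %d\n", ex_verify_checked(msg, sizeof msg, nonce, &field));
    (void)ex_verify_unchecked;   /* not called: on msg it would read 12 bytes past the end */
    return 0;
}
```

Building the unchecked variant with -fsanitize=address and feeding it a heap buffer shorter than the nonce makes the overread visible as a sanitizer report.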

Affected Version(s)

Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a < 794586789800b16dcbe235452494f4223ac80413

Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a < 1c4422d8be81718ecb15d79aedff607323085201

Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a

Timeline

  • Vulnerability published

  • Vulnerability Reserved
