Integer Overflow Vulnerability in Linux Kernel Affecting rxrpc Protocol
CVE-2026-31633
What is CVE-2026-31633?
A vulnerability has been identified in the Linux kernel's rxrpc protocol implementation: an integer overflow in rxgk_verify_response(), the function that verifies RESPONSE packets for the RxGK security class. The token length (token_len) taken from the packet is rounded up before it is compared against a length limit chosen so that the response fits in a single UDP packet. Because the rounding is done on an unsigned integer, a token_len close to the type's maximum wraps to a small value when rounded, passes the comparison, and the original oversized length is then trusted, so the length check is bypassed. The fix checks the unrounded token_len against the limits before any rounding takes place.
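To make the failure mode concrete, the following is an added example in plain C; it is not kernel code and not taken from the advisory. It models the rounded-before-checked comparison the advisory describes beside the checked-before-rounded form of the fix. The 4-byte XDR-style round-up helper and the MAX_TOKEN_LEN value are assumptions for illustration only; the kernel's actual limit and helper names differ.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limit for the example. In the kernel the limit is chosen so the
 * response fits in one UDP packet; the exact value is not reproduced here. */
#define MAX_TOKEN_LEN 1024u

/* Assumed XDR-style round-up to a 4-byte boundary on a 32-bit length.
 * This is where the wrap happens: any value within 3 of UINT32_MAX
 * overflows the addition and rounds to 0. */
static uint32_t xdr_round_up(uint32_t len)
{
    return (len + 3u) & ~3u;
}

/* Pattern described as vulnerable: the length is rounded before it is
 * compared, so a wrapped result slips past the limit while the caller
 * goes on to use the original, oversized token_len. */
bool token_len_ok_vulnerable(uint32_t token_len)
{
    uint32_t rounded = xdr_round_up(token_len);
    return rounded <= MAX_TOKEN_LEN;
}

/* Pattern described as the fix: compare the unrounded length first.
 * Only a value that already passed the check is ever rounded, and since
 * MAX_TOKEN_LEN is far below UINT32_MAX the rounding cannot wrap. */
bool token_len_ok_fixed(uint32_t token_len)
{
    if (token_len > MAX_TOKEN_LEN)
        return false;
    return xdr_round_up(token_len) <= MAX_TOKEN_LEN + 3u;
}

int main(void)
{
    /* Constructed probe values: in-range, just over, and near-wrap lengths. */
    const uint32_t probes[] = { 16u, 1023u, 1025u, 0xFFFFFFFCu, 0xFFFFFFFDu, 0xFFFFFFFEu };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint32_t t = probes[i];
        printf("token_len=%u rounded=%u vulnerable_check=%s fixed_check=%s\n",
               t, xdr_round_up(t),
               token_len_ok_vulnerable(t) ? "pass" : "reject",
               token_len_ok_fixed(t) ? "pass" : "reject");
    }
    return 0;
}
```

Running the block shows that 0xFFFFFFFD and 0xFFFFFFFE round to 0 and pass the vulnerable check, while the fixed check rejects them because it looks at the raw value first; the design point is that any bounds check must run on the value before arithmetic that can wrap, not after it.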
Affected Version(s)
Linux: affected from commit 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a, fixed by commit 1f864d9daaf622aeaa774404fd51e7d6a435b046
Linux: affected from commit 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a, no fixing commit listed for this range
Linux: affected from commit 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a, fixed by commit 699e52180f4231c257821c037ed5c99d5eb0edb8