Response Authenticator Oversize Check in Linux Kernel
CVE-2026-31635

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 24 April 2026

What is CVE-2026-31635?

A vulnerability in the Linux kernel allows oversized RESPONSE authenticators to be accepted without a proper length check. The function rxgk_verify_response() does not validate the authenticator's length against the remaining packet payload, which can result in buffer overflows during decryption. As a consequence, the system may reach an unstable state, exposing it to potential attacks. Developers are advised to ensure that authenticator lengths do not exceed packet limits to mitigate the risks associated with this flaw.

Affected Version(s)

Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a


Timeline

  • Vulnerability published

  • Vulnerability Reserved
