Out-of-Bounds Read in Linux Kernel's RXRPC Module
CVE-2026-31636
Currently unrated
What is CVE-2026-31636?
The RXRPC module of the Linux kernel contains an out-of-bounds read in its RESPONSE authenticator parser. The function rxgk_verify_authenticator() calculates the parser limit incorrectly, so the parser can read memory past the end of the allocated buffer, which is potentially exploitable. This can lead to unauthorized access or information disclosure. Affected Linux kernel versions should be updated with the security patches.
Affected Version(s)
Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a < 7875f3d9777bd4e9892c4db830571ab8ac2044c0
Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a < 20a188775a9a9982d1987e12660d9b44b40a6c99
Linux 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a < 3e3138007887504ee9206d0bfb5acb062c600025