Potential Buffer Overflow in Linux Kernel RXKAD Ticket Processing
CVE-2026-31637

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31637?

A vulnerability in the Linux kernel's RXKAD ticket processing allows attackers to exploit the ticket parser by sending malformed response tickets. If the decryption of the RXKAD response ticket fails, the system may still attempt to parse the response as plaintext, leading to the execution of unverified and possibly malicious code. To mitigate this risk, it is essential for the kernel to validate decryption results and terminate the connection if decryption does not succeed.

Affected Version(s)

Linux 17926a79320afa9b95df6b977b40cca6d8713cea < 47073aab8a3a5a7b41c9bd37d2a3dcbeeccd6c8a

Linux 17926a79320afa9b95df6b977b40cca6d8713cea

Linux 17926a79320afa9b95df6b977b40cca6d8713cea < 22f6258e7b31dba9bf88dce4e3ee7f0f20072e60

References

https://git.kernel.org/stable/c/47073aab8a3a5a7b41c9bd37d...

https://git.kernel.org/stable/c/a149dcae23309df9de1c3b6b5...

https://git.kernel.org/stable/c/22f6258e7b31dba9bf88dce4e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31637 Data

JSON