Linux Kernel Oversized Global TT Response Buffer Vulnerability
CVE-2026-31659
What is CVE-2026-31659?
A vulnerability in the Linux kernel lets oversized global TT response buffers be accepted, which can lead to heap corruption. When a remote originator advertises a global TT payload that exceeds the allowable size, the TT payload length combined with the VLAN header offset can exceed the 16-bit limit and wrap. The allocation sized from the wrapped value is too small, so writes run past the end of the heap object. The fix rejects TT responses whose TVLV value length does not comply with the expected size, which prevents the buffer overflow.
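The 16-bit wrap described above, shown as an added example that is not the kernel's code: a length computed in a 16-bit variable beside a checked version that rejects the oversized input. The header sizes and the function names `tt_len_wrapping` and `tt_len_checked` are hypothetical and chosen only for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sizes for illustration; not the kernel's real structures. */
#define FIXED_HDR_SIZE 4u
#define VLAN_HDR_SIZE  8u

/* Flawed pattern: the allocation length is kept in 16 bits, so a large
 * payload length plus the VLAN header offset wraps modulo 65536. */
uint16_t tt_len_wrapping(uint16_t num_vlan, uint16_t payload_len)
{
    uint16_t offset = (uint16_t)(FIXED_HDR_SIZE + num_vlan * VLAN_HDR_SIZE);

    return (uint16_t)(offset + payload_len);
}

/* Hardened pattern: compute in a wider type and reject any total that
 * cannot be represented in the 16-bit length field. */
bool tt_len_checked(uint16_t num_vlan, uint16_t payload_len, uint16_t *out)
{
    uint32_t total = FIXED_HDR_SIZE + (uint32_t)num_vlan * VLAN_HDR_SIZE
                     + payload_len;

    if (total > UINT16_MAX)
        return false;            /* drop the response instead of allocating */

    *out = (uint16_t)total;
    return true;
}

int main(void)
{
    /* Constructed input: one VLAN header and a 65532-byte payload. */
    uint16_t payload_len = 65532, alloc = 0;

    printf("wrapped allocation: %u bytes for a %u-byte payload\n",
           (unsigned)tt_len_wrapping(1, payload_len), (unsigned)payload_len);
    printf("checked version accepts: %s\n",
           tt_len_checked(1, payload_len, &alloc) ? "yes" : "no");
    return 0;
}
```

With the constructed input the wrapped length is 8 bytes while the payload to be copied is still 65532 bytes, which is the undersized-allocation condition the advisory describes.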
Affected Version(s)
Linux 7ea7b4a142758deaf46c1af0ca9ceca6dd55138b < 7e5d007e0df946bffb8542fb112e0044014a5897
Linux 7ea7b4a142758deaf46c1af0ca9ceca6dd55138b < 2997f4bd1f982e7013709946e00be89b507693fa
Linux 7ea7b4a142758deaf46c1af0ca9ceca6dd55138b < 95c71365a2222908441b54d6f2c315e0c79fcec3