Improper Input Validation in Linux Kernel's rxrpc Component
CVE-2026-31696

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor

CVE Published: 1 May 2026

What is CVE-2026-31696?

The Linux kernel's rxrpc component does not properly validate the ticket length when it parses a key payload. Specifically, the non-XDR parsing path fails to verify that the ticket length does not exceed the specified maximum value, and an unprivileged user can potentially exploit this. The unchecked length then feeds into the token size calculation, causing the system to trigger warnings and potentially impacting stability. A patch remedies the issue by adding the necessary checks, so that the non-XDR path validates the ticket length in the same way as the XDR path.
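The class of check described above, shown as a user-space C model; this is an added example, not the kernel's rxrpc code or the upstream patch. The header layout, the names (`key_hdr`, `parse_payload`, `try_payload`) and the value of `TICKET_MAX` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the maximum ticket size; not the kernel's value. */
#define TICKET_MAX 1024u

/* Simplified, constructed header of a non-XDR style key payload. */
struct key_hdr {
    uint16_t security_index;
    uint16_t ticket_length;   /* caller-controlled length field */
    uint32_t expiry;
};

enum parse_rc { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_MISMATCH = -2, PARSE_TOO_BIG = -3 };

/* Validate the payload before any size arithmetic uses ticket_length. */
int parse_payload(const uint8_t *buf, size_t len, size_t *token_size)
{
    struct key_hdr hdr;

    if (len < sizeof(hdr))
        return PARSE_SHORT;
    memcpy(&hdr, buf, sizeof(hdr));           /* avoid unaligned access */

    /* Consistency check: declared length must match the bytes supplied. */
    if ((size_t)hdr.ticket_length != len - sizeof(hdr))
        return PARSE_MISMATCH;

    /* Upper-bound check: the kind of check the description says was missing. */
    if (hdr.ticket_length > TICKET_MAX)
        return PARSE_TOO_BIG;

    /* Only now is the length safe to feed into the size calculation. */
    *token_size = sizeof(hdr) + hdr.ticket_length;
    return PARSE_OK;
}

/* Build a constructed payload (declared vs. actual ticket size) and parse it. */
int try_payload(uint16_t declared, uint16_t actual)
{
    static uint8_t buf[sizeof(struct key_hdr) + 65535];
    struct key_hdr hdr = { .security_index = 2, .ticket_length = declared };
    size_t token_size = 0;

    memcpy(buf, &hdr, sizeof(hdr));
    return parse_payload(buf, sizeof(hdr) + actual, &token_size);
}
```

A payload whose declared length matches its contents passes the consistency check, so without the separate upper-bound test an oversized but self-consistent ticket would reach the size calculation.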

Affected Version(s)

Linux 8a7a3eb4ddbe7c7e639170a64adede7cbd5a9247 < 1fa36cf495b0023e8475d038535c05e4063211e1

Linux 8a7a3eb4ddbe7c7e639170a64adede7cbd5a9247 < 4458757c020592a3094366e0fb20457383b42f92

Linux 8a7a3eb4ddbe7c7e639170a64adede7cbd5a9247

Timeline

  • Vulnerability published

  • Vulnerability Reserved