CVE-2026-31631
Published: 24 April 2026
Summary
CVE-2026-31631 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates timely remediation of the buffer overread flaw in the Linux kernel's rxgk_do_verify_authenticator() via patching to stable commits.
Requires buffer size validation on network inputs to rxgk_do_verify_authenticator() to prevent out-of-bounds reads.
Implements kernel memory protections that limit the impact of buffer overreads, reducing potential data exposure and crash exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated network exploitation of exposed rxrpc kernel code path enables initial access via public-facing service (T1190) and directly causes OS-level denial of service through kernel crash (T1499.004). Limited memory disclosure does not map cleanly to any collection technique.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() Fix rxgk_do_verify_authenticator() to check the buffer size before checking the nonce.
Deeper analysisAI
CVE-2026-31631 is a buffer overread vulnerability in the Linux kernel's rxrpc subsystem, specifically within the rxgk_do_verify_authenticator() function. The flaw occurs because the function fails to check the buffer size before accessing the nonce, potentially allowing reads beyond the allocated buffer boundaries. This issue affects the Linux kernel and is classified under CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). The vulnerability was published on 2026-04-24.
Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, user interaction, or special conditions. Successful exploitation results in low confidentiality impact, such as limited exposure of sensitive data, and high availability impact, typically manifesting as kernel crashes or denial of service.
Mitigation requires updating to a patched Linux kernel version that includes the fixes from the referenced stable commits: https://git.kernel.org/stable/c/1c4422d8be81718ecb15d79aedff607323085201, https://git.kernel.org/stable/c/794586789800b16dcbe235452494f4223ac80413, and https://git.kernel.org/stable/c/f564af387c8c28238f8ebc13314c589d7ba8475d. These patches add the necessary buffer size check before nonce verification in rxgk_do_verify_authenticator().
Details
- CWE(s)