Cyber Posture

CVE-2026-31633

Critical

Published: 24 April 2026

Modified: 27 April 2026
KEV Added: not listed
Patch: available (upstream commits listed under Deeper analysis)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.5th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-31633 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in the Linux kernel (vendor: Linux, product: Linux Kernel). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 16.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and two other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation [prevent]: Directly requires timely remediation of the integer overflow in rxgk_verify_response() by applying Linux kernel patches that fix the token_len validation bypass.

RA-5 Vulnerability Monitoring and Scanning [prevent]: Monitors and scans for vulnerabilities like CVE-2026-31633 in Linux kernel versions using rxrpc, enabling identification and prioritization of affected systems for patching.

Boundary protection [prevent, detect]: Monitors and controls communications at network boundaries to restrict or inspect UDP traffic targeting rxrpc services, limiting remote exploitation opportunities.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Remote unauthenticated integer overflow in kernel rxrpc enables exploitation of public-facing apps/remote services for RCE/DoS (T1190/T1210) and kernel-level privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response(). In rxgk_verify_response(), there's a potential integer overflow due to rounding up token_len before checking it, thereby allowing the length check to be bypassed. Fix this by checking the unrounded value against len too (len is limited as the response must fit in a single UDP packet).

Deeper analysis

CVE-2026-31633 is an integer overflow vulnerability (CWE-190) in the Linux kernel's rxrpc subsystem, specifically within the rxgk_verify_response() function. The issue arises from rounding up the token_len value before performing the length check: a token_len large enough to wrap during rounding passes the check, so malformed data is processed. Kernel versions without the referenced patches are affected. The CVSS v3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), critical severity, reflecting the potential for high-impact remote exploitation.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting a malicious response that triggers the integer overflow, attackers can bypass the length check intended to ensure the response fits within a single UDP packet, potentially leading to arbitrary code execution, data corruption, or denial of service with high confidentiality, integrity, and availability impacts.

Mitigation involves applying the upstream kernel patches provided in the stable repository, such as commits 1f864d9daaf622aeaa774404fd51e7d6a435b046, 699e52180f4231c257821c037ed5c99d5eb0edb8, and c1e242beb6b1efc3c286f617e8d940c8fbf2ed41. These fixes address the overflow by additionally checking the unrounded token_len value against the response length (len) before processing. Security practitioners should update affected Linux kernels promptly and inventory systems that use rxrpc, such as those running AFS or related filesystems.
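A minimal C model of the check described above, written for this page as an illustration and not the kernel's rxgk code: the 4-byte XDR rounding granularity, the helper names and the constructed 12-byte fragment are assumptions. It shows the round-then-check shape accepting a token_len that wraps to 0 when rounded, and the corrected shape, which also compares the unrounded value, rejecting it.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumption: token lengths round up to a 4-byte XDR boundary, as rxrpc
 * does for XDR fields; the helper name is ours, not the kernel's. */
static uint32_t xdr_round_up4(uint32_t n)
{
    return (n + 3u) & ~3u;   /* wraps to 0 for n >= 0xFFFFFFFD */
}

/* Vulnerable shape: round first, then compare with the bytes still in the
 * packet. A token_len near UINT32_MAX rounds to 0 and passes the bound. */
static bool token_fits_vulnerable(uint32_t token_len, uint32_t remaining)
{
    return xdr_round_up4(token_len) <= remaining;
}

/* Fixed shape: check the unrounded value against the bound too, so a
 * wrapped rounding result can no longer satisfy the check on its own. */
static bool token_fits_fixed(uint32_t token_len, uint32_t remaining)
{
    if (token_len > remaining)
        return false;
    return xdr_round_up4(token_len) <= remaining;
}

/* Parse a constructed fragment: 4-byte big-endian token_len, then token
 * bytes. Under the vulnerable check, acceptance means the parser would go
 * on to read token_len bytes the packet does not contain. */
bool parse_fragment(const uint8_t *buf, uint32_t len, bool use_fixed)
{
    if (len < 4)
        return false;
    uint32_t token_len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                         ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    uint32_t remaining = len - 4;
    return use_fixed ? token_fits_fixed(token_len, remaining)
                     : token_fits_vulnerable(token_len, remaining);
}

/* Build a 12-byte fragment (4-byte header + 8 payload bytes) carrying
 * token_len and run it through either check. */
bool accepted_with(uint32_t token_len, bool use_fixed)
{
    uint8_t buf[12] = {0};
    for (int i = 0; i < 4; i++)
        buf[i] = (uint8_t)(token_len >> (24 - 8 * i));
    return parse_fragment(buf, sizeof buf, use_fixed);
}
```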

Details

CWE(s): CWE-190 Integer Overflow or Wraparound

Affected Products: Linux kernel (vendor: linux, product: linux kernel), versions 6.16 and 7.0; 6.16.1 to 6.18.23; 6.19 to 6.19.13
