Cyber Resilience

CVE-2026-31682

Critical

Published: 25 April 2026

Published
25 April 2026
Modified
06 May 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0042 33.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-31682 is a critical-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 33.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-31682 is a vulnerability in the Linux kernel's bridge module, specifically in the br_nd_send() function. This function parses Neighbor Discovery (ND) options from the ns->opt[] array in IPv6 neighbor solicitation packets, assuming the options reside in the linear portion of the socket buffer (skb). However, callers of br_nd_send() only guarantee that the ICMPv6 header and target address are linear, leaving the options area potentially non-linear. As a result, parsing can access data beyond the linear buffer boundaries, leading to potential memory corruption or invalid memory access.

The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction. Successful exploitation could result in high confidentiality and availability impacts, such as information disclosure through out-of-bounds reads or denial-of-service via kernel crashes, while integrity impact is none.

Mitigation is provided through upstream kernel patches available in stable branches, as referenced in the following commits: https://git.kernel.org/stable/c/2ba4caba423ed94d63006eb1d2227b0332ab7fcd, https://git.kernel.org/stable/c/3a30f6469b058574f49efde61cd6f5d79e576053, https://git.kernel.org/stable/c/4f397b950c916e9a1f8a4fce04ea0110206cad47, https://git.kernel.org/stable/c/658261898130da620fc3d0fbb0523efb3366cb55, and https://git.kernel.org/stable/c/9c55e41c73af5c4511070933b1bd25248521270c. These patches linearize the skb prior to parsing ND options and derive the neighbor solicitation structure from the linear network header. Security practitioners should update affected Linux kernels to incorporate these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and assumes that these options are in the linear part of request. Its callers only…

more

guarantee that the ICMPv6 header and target address are available, so the option area can still be non-linear. Parsing ns->opt[] in that case can access data past the linear buffer. Linearize request before option parsing and derive ns from the linear network header.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated network exploit in kernel bridge IPv6 ND parsing enables remote service exploitation (T1210) and system DoS via crashes from OOB access (T1499.004); I:N impact precludes reliable RCE/priv-esc mapping.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23457Same product: Linux Linux Kernel
CVE-2026-31393Same product: Linux Linux Kernel
CVE-2026-31501Same product: Linux Linux Kernel
CVE-2026-31657Same product: Linux Linux Kernel
CVE-2026-31448Same product: Linux Linux Kernel
CVE-2024-57791Same product: Linux Linux Kernel
CVE-2026-23456Same product: Linux Linux Kernel
CVE-2026-31640Same product: Linux Linux Kernel
CVE-2026-31626Same product: Linux Linux Kernel
CVE-2026-31676Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 4.15 — 5.10.253 · 5.11 — 5.15.203 · 5.16 — 6.1.168

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires identification, reporting, and timely correction of the kernel parsing flaw via upstream patches to eliminate the vulnerability.

prevent

Implements memory safeguards such as randomization and non-executable regions to mitigate exploitation of invalid memory access during skb option parsing.

detect

Enables vulnerability scanning to identify systems running vulnerable Linux kernel versions affected by the bridge ND parsing issue.

References