Cyber Resilience

CVE-2026-31779

High

Published: 01 May 2026

Modified: 11 May 2026
KEV Added
Patch
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0027 (18.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-31779 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 18.8th percentile by exploit likelihood, which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31779 is a vulnerability in the Linux kernel's iwlwifi driver, specifically within the mvm component's iwl_mvm_nd_match_info_handler() function. It stems from a memcpy operation that assumes the dynamic array notif->matches is at least as large as the number of bytes to be copied, potentially leading to an out-of-bounds read if the packet length is insufficient. This could result in results->matches containing unwanted data. The issue affects systems using the iwlwifi driver for Intel WiFi hardware and was discovered by the Linux Verification Center using SVACE static analysis.

An attacker with adjacent network access (AV:A) can exploit this vulnerability with low complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). Successful exploitation enables high-impact confidentiality loss (C:H), such as leakage of sensitive data from kernel memory, and high-impact availability disruption (A:H), potentially causing denial of service via crashes, while maintaining unchanged scope (S:U). The CVSS v3.1 base score is 8.1, reflecting its severity in WiFi-enabled environments.

Mitigation is provided through upstream kernel patches available in the Linux stable repository. Key commits, such as 744fabc338e87b95c4d1ff7c95bc8c0f834c6d99, ca0e9491b98ca4c5b44204b0b3dd8062a3b5fba2, dd90880eb5ec5442b37eb2b95688f4a63f4883e3, e67d8c626ace80b0fa2b48c8ec0a46b508c93442, and f6abac936a0dfd31d6c3e49205ec0ee75a8f887f, extend validation checks to ensure the packet length is sufficient before performing the memcpy, preventing the out-of-bounds read. Security practitioners should update to kernels incorporating these fixes.
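
The pattern behind the fix, as an added example that is not the iwlwifi source: a header-only length check accepts a truncated notification, while a check covering every byte the memcpy will read rejects it. The struct layouts, MAX_MATCHES and all function names here are hypothetical simplifications.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified layouts (not the driver's structs). */
struct match { uint8_t index; uint8_t n_channels; uint16_t reserved; };
struct notif { uint32_t matched_profiles; struct match matches[]; }; /* flexible array */
#define MAX_MATCHES 4   /* assumed fixed capacity on the receiving side */
struct results { uint32_t matched_profiles; struct match matches[MAX_MATCHES]; };

/* Weak check: only proves the fixed header is present. */
int header_only_ok(size_t pkt_len) { return pkt_len >= sizeof(struct notif); }

/* Strict check: header plus every byte the copy will read, without overflow. */
int full_length_ok(size_t pkt_len, size_t copy_len)
{
    size_t hdr = offsetof(struct notif, matches);
    return pkt_len >= hdr && pkt_len - hdr >= copy_len;
}

/* Returns 0 on success, -1 if the packet is too short; res is untouched on error. */
int handle_match_info(const uint8_t *pkt, size_t pkt_len, struct results *res)
{
    size_t copy_len = sizeof(res->matches);
    if (!full_length_ok(pkt_len, copy_len))
        return -1;
    memcpy(&res->matched_profiles, pkt, sizeof(res->matched_profiles));
    memcpy(res->matches, pkt + offsetof(struct notif, matches), copy_len);
    return 0;
}

/* Constructed sample: writes a packet carrying n matches into buf, returns its length. */
size_t build_packet(uint8_t *buf, uint32_t profiles, unsigned n)
{
    for (unsigned i = 0; i < n; i++) {
        struct match m = { (uint8_t)i, (uint8_t)(i + 1), 0 };
        memcpy(buf + offsetof(struct notif, matches) + i * sizeof(m), &m, sizeof(m));
    }
    memcpy(buf, &profiles, sizeof(profiles));
    return offsetof(struct notif, matches) + n * sizeof(struct match);
}

int main(void)
{
    uint8_t buf[64]; struct results res;
    size_t len = build_packet(buf, 0x3, 2);   /* truncated: 2 of 4 matches */
    return handle_match_info(buf, len, &res) == -1 ? 0 : 1;
}
```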


Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()

The memcpy function assumes the dynamic array notif->matches is at least as large as the number of bytes to copy. Otherwise, results->matches may contain unwanted data. To guarantee safety, extend the validation in one of the checks to ensure sufficient packet length.

Found by Linux Verification Center (linuxtesting.org) with SVACE.


Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

OOB read in WiFi driver enables kernel memory disclosure for credential access via exploitation (T1212) and system crashes for DoS via application/system exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23363 · Same product: Linux Linux Kernel
CVE-2022-49368 · Same product: Linux Linux Kernel
CVE-2026-31484 · Same product: Linux Linux Kernel
CVE-2026-23327 · Same product: Linux Linux Kernel
CVE-2022-49249 · Same product: Linux Linux Kernel
CVE-2025-21815 · Same product: Linux Linux Kernel
CVE-2022-49252 · Same product: Linux Linux Kernel
CVE-2026-23325 · Same product: Linux Linux Kernel
CVE-2021-47636 · Same product: Linux Linux Kernel
CVE-2026-31568 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 6.1 — 6.1.168 · 6.2 — 6.6.134 · 6.7 — 6.12.81

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation through upstream kernel patches directly corrects the insufficient packet length validation before memcpy, eliminating the out-of-bounds read vulnerability.

prevent

Mandates validation of information inputs such as WiFi packet lengths to ensure they match expected sizes, preventing memcpy operations from accessing uninitialized or out-of-bounds memory.

prevent

Provides memory safeguards like kernel address space isolation and protections against unauthorized memory access, mitigating potential leakage and crashes from out-of-bounds reads.
