CVE-2026-31570 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 27, 2026
Linux Kernel - Out-of-Bounds Read/Write
Published: April 24, 2026Updated: April 27, 2026
Overview
Linux kernel contains an out-of-bounds heap access in cgw_csum_crc8_rel() caused by using raw negative indices instead of bounds-checked indices in CAN gateway checksum calculation, letting attackers with CAP_NET_ADMIN privileges cause memory corruption.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers with CAP_NET_ADMIN can cause out-of-bounds heap memory corruption, potentially leading to system instability or denial of service.
Mitigation
Update to Linux kernel version 7.0-rc2 or later where the issue is fixed.
References
- https://git.kernel.org/stable/c/c4e8eaa75fa0b6bcbfa5356d6195c4ad0e05e57a
- https://git.kernel.org/stable/c/e7c99348b0612b2bc02d5ce6ff9873261cc7605f
- https://git.kernel.org/stable/c/54ecdf76a55e75c1f5085e440f8ab671a3283ef5
- https://git.kernel.org/stable/c/66b689efd08227da2c5ca49b58b30a95d23c695a
- https://git.kernel.org/stable/c/84f8b76d24273175a22713e83e90874e1880d801
- https://git.kernel.org/stable/c/999ca48d55a8a46da21519db7e834e5867200379
- https://git.kernel.org/stable/c/a025283d7f7404c739225e457fb99db2368bb544
- https://git.kernel.org/stable/c/b9c310d72783cc2f30d103eed83920a5a29c671a
Related Resources
Details
- CVE ID
- CVE-2026-31570
- Severity
- High
- CVSS Score
- 8.8
- Type
- out_of_bounds_rw
- Status
- unconfirmed
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H