Home / Vulnerability Intelligence / CVE-2026-31633

CVE-2026-31633 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 27, 2026

Linux Kernel - Integer Overflow

Published: April 24, 2026Updated: April 27, 2026Remote Exploitable

Overview

Linux kernel contains an integer overflow caused by improper rounding of token_len in rxgk_verify_response(), letting attackers bypass length checks, exploit requires crafted UDP packet.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Attackers can bypass length checks, potentially leading to memory corruption or denial of service.

Mitigation

Update to the latest Linux kernel version with the fix for rxgk_verify_response() integer overflow.

References

https://git.kernel.org/stable/c/c1e242beb6b1efc3c286f617e8d940c8fbf2ed41
https://git.kernel.org/stable/c/1f864d9daaf622aeaa774404fd51e7d6a435b046
https://git.kernel.org/stable/c/699e52180f4231c257821c037ed5c99d5eb0edb8

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31633
Severity: Critical
CVSS Score: 9.8
Type: integer_overflow
Status: unconfirmed

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H