Home / Vulnerability Intelligence / CVE-2026-31636

CVE-2026-31636 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 27, 2026

Linux Kernel - Out-of-Bounds Read

Published: April 24, 2026Updated: April 27, 2026Remote Exploitable

Overview

Linux kernel contains an out-of-bounds read caused by incorrect calculation of parser limit in rxgk_verify_authenticator() in rxrpc component, letting attackers with malformed RESPONSE authenticators read past allocated buffer, exploit requires crafted malformed RESPONSE authenticators.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers can read memory beyond intended buffer, potentially leaking sensitive kernel memory contents.

Mitigation

Update to the latest Linux kernel version containing the fix.

References

https://git.kernel.org/stable/c/7875f3d9777bd4e9892c4db830571ab8ac2044c0
https://git.kernel.org/stable/c/20a188775a9a9982d1987e12660d9b44b40a6c99
https://git.kernel.org/stable/c/3e3138007887504ee9206d0bfb5acb062c600025

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31636
Severity: Critical
CVSS Score: 9.1
Type: out_of_bounds_rw
Status: unconfirmed

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H