CVE-2026-31682 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 27, 2026
Linux Kernel - Out of Bounds Read/Write
Published: April 25, 2026Updated: April 27, 2026Remote Exploitable
Overview
Linux kernel contains a buffer linearization issue in br_nd_send function caused by parsing non-linear neighbour discovery options, letting attackers cause memory corruption or denial of service, exploit requires crafted network packets.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can cause memory corruption or denial of service by sending crafted network packets.
Mitigation
Update to the latest Linux kernel version containing the fix.
References
- https://git.kernel.org/stable/c/c68433fd291c9e88c00292095172c62d1997d662
- https://git.kernel.org/stable/c/2ba4caba423ed94d63006eb1d2227b0332ab7fcd
- https://git.kernel.org/stable/c/3a30f6469b058574f49efde61cd6f5d79e576053
- https://git.kernel.org/stable/c/4f397b950c916e9a1f8a4fce04ea0110206cad47
- https://git.kernel.org/stable/c/658261898130da620fc3d0fbb0523efb3366cb55
- https://git.kernel.org/stable/c/9c55e41c73af5c4511070933b1bd25248521270c
- https://git.kernel.org/stable/c/a01aee7cafc575bb82f5529e8734e7052f9b16ea
- https://git.kernel.org/stable/c/bd91ec85aa4c77d645bd2739fc56784157a88ca2
Related Resources
Details
- CVE ID
- CVE-2026-31682
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- out_of_bounds_rw
- Status
- unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H