CVE-2026-31685 - Vulnerability Analysis
Critical | CVSS: 9.4 | Last Updated: April 27, 2026
Linux kernel netfilter - Denial of Service
Published: April 25, 2026 | Updated: April 27, 2026 | Remote Exploitable
Overview
The Linux kernel netfilter module ip6t_eui64 contains a denial-of-service flaw caused by improper validation of MAC headers in IPv6 packets. Attackers can send packets with invalid MAC headers to cause potential kernel crashes. Exploitation requires network access.
Severity & Score
Severity: Critical
CVSS Score: 9.4
Impact
Attackers can cause kernel crashes or denial of service by sending packets with invalid MAC headers.
Mitigation
Update to the latest Linux kernel version with the fix for ip6t_eui64.
References
- https://git.kernel.org/stable/c/807d6ee15804df6f01a35c910f09612e858739a6
- https://git.kernel.org/stable/c/9eda5478746ef7dc0e4e537b5a5e4b0ca1027091
- https://git.kernel.org/stable/c/fdce0b3590f724540795b874b4c8850c90e6b0a8
- https://git.kernel.org/stable/c/288138418bef956f8b295751a4536c60f0e89f4a
- https://git.kernel.org/stable/c/309ae3e9a51a69699ca94eac5fac5688fa562d55
Details
- CVE ID: CVE-2026-31685
- Severity: Critical
- CVSS Score: 9.4
- Type: denial_of_service
- Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H