CVE-2026-31779 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: May 3, 2026
Linux Kernel - Out of Bounds Read
Published: May 1, 2026 | Updated: May 3, 2026
Overview
The Linux kernel contains an out-of-bounds read vulnerability caused by insufficient validation of a dynamic array length in iwl_mvm_nd_match_info_handler. It lets attackers cause memory corruption; exploitation requires a crafted packet.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can cause memory corruption leading to potential system instability or information disclosure.
Mitigation
Update to the latest Linux kernel version containing the fix.
References
- https://git.kernel.org/stable/c/744fabc338e87b95c4d1ff7c95bc8c0f834c6d99
- https://git.kernel.org/stable/c/ca0e9491b98ca4c5b44204b0b3dd8062a3b5fba2
- https://git.kernel.org/stable/c/dd90880eb5ec5442b37eb2b95688f4a63f4883e3
- https://git.kernel.org/stable/c/e67d8c626ace80b0fa2b48c8ec0a46b508c93442
- https://git.kernel.org/stable/c/f6abac936a0dfd31d6c3e49205ec0ee75a8f887f
- https://git.kernel.org/stable/c/ffbed27ba15ef80d1c622eeedbfef03e501ae134
Details
- CVE ID: CVE-2026-31779
- Severity: High
- CVSS Score: 8.1
- Type: out_of_bounds_rw
- Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H