CVE-2026-31631

moderate-risk

Published 2026-04-24

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() Fix rxgk_do_verify_authenticator() to check the buffer size before checking the nonce.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

Affected Products (9)

Linux Kernel

Affected Vendors

Linux

References (3)

Patch https://git.kernel.org/stable/c/1c4422d8be81718ecb15d79aedff607323085201

Patch https://git.kernel.org/stable/c/794586789800b16dcbe235452494f4223ac80413

Patch https://git.kernel.org/stable/c/f564af387c8c28238f8ebc13314c589d7ba8475d

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 0/34 · Minimal

Exposure 15/34 · Moderate