CVE-2026-31637
Published: Apr 24, 2026
Modified: Jun 1, 2026
CVSS v3.1
9.8
Description
In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can therefore use a non-block-aligned ticket length, make the decrypt operation fail, and still drive the ticket parser with attacker-controlled bytes. Check the decrypt result and abort the connection with RXKADBADTICKET when ticket decryption fails.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 17926a79320afa9b95df6b977b40cca6d8713cea - < 252157d939d179b5d767cb860ff8fa7f8723b67aaffected 17926a79320afa9b95df6b977b40cca6d8713cea - < a75b3b361dd481d942c5f259a82d59718a41092caffected 17926a79320afa9b95df6b977b40cca6d8713cea - < b3a808cd0790b5075aaa2bc3588edf02cd71d352affected 17926a79320afa9b95df6b977b40cca6d8713cea - < 47073aab8a3a5a7b41c9bd37d2a3dcbeeccd6c8aaffected 17926a79320afa9b95df6b977b40cca6d8713cea - < a149dcae23309df9de1c3b6b5d468610ef5ab7de+3 more versions |
Linux | Linux | affected 2.6.22unaffected 0 - < 2.6.22unaffected 5.10.258 - <= 5.10.*unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now