CVE-2026-31679
Published: Apr 25, 2026
Modified: May 11, 2026
CVSS v3.1
7.1
Description
In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/set_masked payload length validate_set() accepted OVS_KEY_ATTR_MPLS as variable-sized payload for SET/SET_MASKED actions. In action handling, OVS expects fixed-size MPLS key data (struct ovs_key_mpls). Use the already normalized key_len (masked case included) and reject non-matching MPLS action key sizes. Reject invalid MPLS action payload lengths early.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 - < 68f32ef0683c8d1c05cd2e4f16818fa63ff59c6faffected fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 - < 4cae986225f8b8679ad86b924918e7d75a96aa61affected fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 - < 8ed7b9930cbc3bc71f868fa79a68700ac88d586aaffected fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 - < c1f97152df8dfb17e855ddf0fc409b7bd13e9700affected fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 - < 98de18d327ef8cbbb704980e359e4872d8c28997+3 more versions |
Linux | Linux | affected 5.5unaffected 0 - < 5.5unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now