CVE-2026-31682 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 27, 2026
Linux Kernel - Out of Bounds Read/Write
Overview
Linux kernel contains a buffer linearization issue in br_nd_send function caused by parsing non-linear neighbour discovery options, letting attackers cause memory corruption or denial of service, exploit requires crafted network packets.
Severity & Score
Impact
Attackers can cause memory corruption or denial of service by sending crafted network packets.
Mitigation
Update to the latest Linux kernel version containing the fix.
References
- https://git.kernel.org/stable/c/bd91ec85aa4c77d645bd2739fc56784157a88ca2
- https://git.kernel.org/stable/c/c68433fd291c9e88c00292095172c62d1997d662
- https://git.kernel.org/stable/c/2ba4caba423ed94d63006eb1d2227b0332ab7fcd
- https://git.kernel.org/stable/c/3a30f6469b058574f49efde61cd6f5d79e576053
- https://git.kernel.org/stable/c/4f397b950c916e9a1f8a4fce04ea0110206cad47
- https://git.kernel.org/stable/c/658261898130da620fc3d0fbb0523efb3366cb55
- https://git.kernel.org/stable/c/9c55e41c73af5c4511070933b1bd25248521270c
- https://git.kernel.org/stable/c/a01aee7cafc575bb82f5529e8734e7052f9b16ea
Social Media Activity(1 post)
š“ CVE-2026-31682 - Critical (9.1) In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and assumes that these options are in the linear part ... š https://www.thehackerwire.com/vulnerability/CVE-2026-31682/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-31682
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- out_of_bounds_rw
- Status
- unconfirmed
- EPSS
- 6.9%
- Social Posts
- 1
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H