SB2026042558 - Integer underflow in Linux kernel tipc
Published: April 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Integer underflow (CVE-ID: CVE-2026-31662)
CWE-ID: CWE-191 - Integer underflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an integer underflow in tipc_group_proto_rcv() when handling duplicate or stale GRP_ACK_MSG messages. A remote attacker can send duplicate group acknowledgment messages to cause a denial of service.
After the counter wraps, group broadcasts on the affected socket remain blocked until the group is recreated.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1b6f13f626665cac67ba5a012765427680518711
- https://git.kernel.org/stable/c/36ec4fdd6250dcd5e73eb09ea92ed92e9cc28412
- https://git.kernel.org/stable/c/3bcf7aca63f0bcd679ae28e9b99823c608e59ce3
- https://git.kernel.org/stable/c/48a5fe38772b6f039522469ee6131a67838221a8
- https://git.kernel.org/stable/c/575faea557f1a184a5f09661bd47ebd3ef3769f8
- https://git.kernel.org/stable/c/a2ea1ef0167d7a84730638d05c20ccdc421b14b6
- https://git.kernel.org/stable/c/a7db57ccca21f5801609065473c89a38229ecb92
- https://git.kernel.org/stable/c/e0bb732eaf77f9ac2f2638bdac9e39b81e0a9682