Out-of-bounds read in Linux kernel - CVE-2026-31738
Published: May 2, 2026
Vulnerability identifier: #VU128957
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-31738
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in vxlan_na_create when parsing neighbor discovery options. A remote attacker can send a specially crafted packet to cause a denial of service.
How to mitigate CVE-2026-31738
Install the security update from the vendor's repository.
Sources
- https://git.kernel.org/stable/c/2029712fb2c87e9a8c75094906f2ee29bf08c500
- https://git.kernel.org/stable/c/602596c69a70e50d9ab8c6ae0290a01f88229dd7
- https://git.kernel.org/stable/c/901c1dd3bab2955d7e664f914c374c8c3ac2b958
- https://git.kernel.org/stable/c/afa9a05e6c4971bd5586f1b304e14d61fb3d9385
- https://git.kernel.org/stable/c/b69c4236255bd8de16cd876e58c6f0867d1d78b1
- https://git.kernel.org/stable/c/de20d2e3b9179d132f5f5b44e490d7c916c6321b
- https://git.kernel.org/stable/c/e476745917a1e288eb15e7ff49d286a86a4861d3
- https://git.kernel.org/stable/c/eddfce70a6f3107d1679b0c2fcbeb96b593bd679