Integer overflow in Linux kernel - CVE-2026-31707


Published: May 2, 2026


Vulnerability identifier: #VU128992
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31707
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to an integer overflow in ipc_validate_msg() when validating daemon response messages. The expected message length is computed from size fields carried in the response itself, so a local user can supply a specially crafted daemon response whose size value wraps that computation, pass the length check with a malformed message, and cause a denial of service.

The issue affects several response types, including the RPC request, share config request and extended login request handlers; in the extended login case a negative ngroups value feeds directly into the size computation.
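The following is an added example, not code from the kernel or from this advisory. It models the shape of size check the description attributes to ipc_validate_msg() (assuming, as the function name and response types suggest, that this is the in-kernel SMB server's IPC path for replies from its userspace daemon): once with plain unsigned arithmetic that wraps, and once with overflow-checked arithmetic that rejects a wrapped size or a negative ngroups before it reaches the comparison. The struct layouts, field names, GID_SZ and MAX_MSG_SZ are illustrative assumptions, and the inputs (a 4-byte truncated message claiming a 0xFFFFFFFC-byte payload, a login reply claiming -1 groups) are constructed; the kernel's actual fix is not reproduced here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical response headers modelled on the three response types the
 * advisory names. Field names and sizes are assumptions for illustration. */
struct rpc_resp       { uint32_t handle; uint32_t payload_sz; };
struct share_resp     { uint32_t handle; uint32_t payload_sz; uint32_t veto_list_sz; };
struct login_ext_resp { uint32_t handle; int32_t ngroups; };

enum resp_type { RESP_RPC, RESP_SHARE_CONFIG, RESP_LOGIN_EXT };

#define GID_SZ      4u          /* sizeof(gid_t) on Linux */
#define MAX_MSG_SZ  (1u << 20)  /* assumed upper bound on one daemon reply */

/* Vulnerable shape: sizeof(header) + payload_sz is computed in unsigned int
 * and silently wraps; a negative ngroups is promoted to a huge unsigned
 * multiplier before wrapping again. msg_sz is the length actually received. */
bool validate_wrapping(enum resp_type t, const void *resp, unsigned int msg_sz)
{
    unsigned int expect = msg_sz;

    switch (t) {
    case RESP_RPC: {
        const struct rpc_resp *r = resp;
        expect = sizeof(*r) + r->payload_sz;            /* wraps */
        break;
    }
    case RESP_SHARE_CONFIG: {
        const struct share_resp *r = resp;
        if (r->payload_sz) {
            if (r->payload_sz < r->veto_list_sz)
                return false;
            expect = sizeof(*r) + r->payload_sz;        /* wraps */
        }
        break;
    }
    case RESP_LOGIN_EXT: {
        const struct login_ext_resp *r = resp;
        if (r->ngroups)
            expect = sizeof(*r) + r->ngroups * GID_SZ;  /* -1 -> 0xFFFFFFFC, then wraps */
        break;
    }
    }
    return expect == msg_sz;
}

/* Hardened shape: every add and multiply goes through an overflow-checking
 * builtin (the kernel's check_add_overflow()/check_mul_overflow() wrap the
 * same builtins), ngroups is rejected when negative before any arithmetic,
 * and the expected size is capped. */
bool validate_checked(enum resp_type t, const void *resp, unsigned int msg_sz)
{
    unsigned int expect = msg_sz;

    switch (t) {
    case RESP_RPC: {
        const struct rpc_resp *r = resp;
        if (__builtin_add_overflow(sizeof(*r), r->payload_sz, &expect))
            return false;
        break;
    }
    case RESP_SHARE_CONFIG: {
        const struct share_resp *r = resp;
        if (r->payload_sz) {
            if (r->payload_sz < r->veto_list_sz)
                return false;
            if (__builtin_add_overflow(sizeof(*r), r->payload_sz, &expect))
                return false;
        }
        break;
    }
    case RESP_LOGIN_EXT: {
        const struct login_ext_resp *r = resp;
        unsigned int groups_sz;
        if (r->ngroups < 0)
            return false;
        if (r->ngroups &&
            (__builtin_mul_overflow((unsigned int)r->ngroups, GID_SZ, &groups_sz) ||
             __builtin_add_overflow(sizeof(*r), groups_sz, &expect)))
            return false;
        break;
    }
    }
    return expect <= MAX_MSG_SZ && expect == msg_sz;
}

/* Constructed inputs, not captured traffic. Both malformed replies wrap to an
 * expected size of exactly 4 under the vulnerable arithmetic. */
bool demo_rpc_wrap(bool hardened)
{
    struct rpc_resp r = { .handle = 1, .payload_sz = 0xFFFFFFFCu };
    return hardened ? validate_checked(RESP_RPC, &r, 4) : validate_wrapping(RESP_RPC, &r, 4);
}

bool demo_negative_ngroups(bool hardened)
{
    struct login_ext_resp r = { .handle = 1, .ngroups = -1 };
    return hardened ? validate_checked(RESP_LOGIN_EXT, &r, 4) : validate_wrapping(RESP_LOGIN_EXT, &r, 4);
}

bool demo_valid_login(bool hardened)  /* 3 groups: 8-byte header + 3 * 4 = 20 */
{
    struct login_ext_resp r = { .handle = 1, .ngroups = 3 };
    return hardened ? validate_checked(RESP_LOGIN_EXT, &r, 20) : validate_wrapping(RESP_LOGIN_EXT, &r, 20);
}

int main(void)
{
    printf("wrapped RPC size:  vulnerable=%d hardened=%d\n", demo_rpc_wrap(false), demo_rpc_wrap(true));
    printf("negative ngroups:  vulnerable=%d hardened=%d\n", demo_negative_ngroups(false), demo_negative_ngroups(true));
    printf("valid login reply: vulnerable=%d hardened=%d\n", demo_valid_login(false), demo_valid_login(true));
    return 0;
}
```

The point to take from the two malformed cases is that the wrapped arithmetic does not fail loudly: it produces an expected length that happens to equal the short message the daemon sent, so the comparison at the end passes and the undersized message is treated as complete. Rejecting the sign of ngroups and checking each intermediate result, rather than only the final equality, is what closes that path.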


How to mitigate CVE-2026-31707

Install the security update from the vendor's repository.

Sources