What is the CVSS score of CVE-2026-31631?

CVE-2026-31631 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux Kernel are affected by CVE-2026-31631?

A buffer overread vulnerability in Linux kernel RxGK authentication (CVE-2026-31631) could allow unauthenticated remote attackers to cause denial of service and information disclosure on systems…. A patch is available.

Linux Kernel CVE-2026-31631

EUVD-2026-25524 HIGH

Out-of-bounds Write (CWE-787)

2026-04-24 Linux

GHSA-q633-5j2j-rqx5

Buffer Overflow Linux Memory Corruption Red Hat Suse

8.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 20:37 vuln.today

cvss_changed

Patch released

Apr 27, 2026 - 20:30 nvd

Patch available

Analysis Generated

Apr 27, 2026 - 15:38 vuln.today

CVSS changed

Apr 27, 2026 - 15:22 NVD

8.2 (HIGH)

Patch available

Apr 24, 2026 - 16:16 EUVD

EUVD ID Assigned

Apr 24, 2026 - 15:00 euvd

EUVD-2026-25524

Analysis Generated

Apr 24, 2026 - 15:00 vuln.today

CVE Published

Apr 24, 2026 - 14:44 nvd

HIGH 8.2

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix buffer overread in rxgk_do_verify_authenticator()

Fix rxgk_do_verify_authenticator() to check the buffer size before checking the nonce.

AnalysisAI

Buffer overread in Linux kernel's rxgk_do_verify_authenticator() function allows remote unauthenticated attackers to trigger information disclosure and high-availability denial of service through network-accessible RxGK authentication handling. The vulnerability stems from improper buffer size validation before nonce verification in the RxRPC subsystem. …

RemediationAI

Within 24 hours: Identify Linux systems running kernel versions prior to 6.19.13, 6.18.23, or 7.0, particularly those using RxRPC with RxGK authentication; document inventory and business criticality. Within 7 days: Deploy vendor-released patches to affected systems (kernel upgrade to 6.19.13, 6.18.23, or 7.0 minimum). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

Vendor StatusVendor

CVE-2026-31631 vulnerability details – vuln.today

Back

Linux Kernel CVE-2026-31631

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code