Skip to main content

Linux Kernel EUVDEUVD-2026-25524

| CVE-2026-31631 HIGH
Out-of-bounds Write (CWE-787)
2026-04-24 Linux GHSA-q633-5j2j-rqx5
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
6.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

8
Re-analysis Queued
Apr 27, 2026 - 20:37 vuln.today
cvss_changed
Patch released
Apr 27, 2026 - 20:30 nvd
Patch available
Analysis Generated
Apr 27, 2026 - 15:38 vuln.today
CVSS changed
Apr 27, 2026 - 15:22 NVD
8.2 (HIGH)
Patch available
Apr 24, 2026 - 16:16 EUVD
EUVD ID Assigned
Apr 24, 2026 - 15:00 euvd
EUVD-2026-25524
Analysis Generated
Apr 24, 2026 - 15:00 vuln.today
CVE Published
Apr 24, 2026 - 14:44 nvd
HIGH 8.2

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix buffer overread in rxgk_do_verify_authenticator()

Fix rxgk_do_verify_authenticator() to check the buffer size before checking the nonce.

AnalysisAI

Buffer overread in Linux kernel's rxgk_do_verify_authenticator() function allows remote unauthenticated attackers to trigger information disclosure and high-availability denial of service through network-accessible RxGK authentication handling. The vulnerability stems from improper buffer size validation before nonce verification in the RxRPC subsystem. Patches are available from the Linux kernel stable tree (versions 6.19.13, 6.18.23, and 7.0). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability, and no active exploitation or public POC has been identified. Despite the high CVSS base score of 8.2, real-world risk appears limited to environments using RxRPC with RxGK authentication.

Technical ContextAI

This vulnerability affects the RxRPC subsystem in the Linux kernel, specifically within the RxGK (Rx GSSAPI Kerberos) authentication mechanism. RxRPC is a remote procedure call protocol used primarily by the AFS (Andrew File System) distributed filesystem. The rxgk_do_verify_authenticator() function performs authentication verification by validating nonces and other cryptographic parameters. The flaw occurs due to improper bounds checking where the function attempts to verify a nonce before validating that sufficient buffer space exists to read it safely. This classic buffer overread condition can cause the kernel to access memory beyond allocated boundaries during network packet processing. The vulnerability is present in kernel versions between commit 9d1d2b59341f and the fix commits, affecting mainline 6.16, stable branches 6.18.x and 6.19.x, and potentially 7.0-rc versions prior to patching.

RemediationAI

Upgrade to patched Linux kernel versions: 6.18.23 or later for the 6.18 stable series, 6.19.13 or later for the 6.19 stable series, or 7.0 final release. Patches are available from the Linux kernel stable Git repository at the URLs provided in references. For systems that cannot immediately upgrade, disable RxRPC support as a temporary mitigation by unloading the rxrpc kernel module (modprobe -r rxrpc) if compiled as a module, though this will break AFS and other RxRPC-dependent services. Alternatively, restrict network access to RxRPC services (default UDP port 7001) using firewall rules to trusted networks only, reducing exposure from AV:N to AV:A (adjacent network), though this does not eliminate the vulnerability. Note that disabling RxRPC will cause service outages for AFS clients. Organizations not using AFS or RxRPC can verify these services are not running (check for rxrpc module with lsmod | grep rxrpc) and deprioritize patching. Full kernel upgrade is the only complete remediation.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-25524 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy