Skip to main content

Linux Kernel EUVDEUVD-2026-26551

| CVE-2026-31738 MEDIUM
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 21:15 vuln.today
CVSS changed
May 07, 2026 - 19:07 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:02 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26551
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

vxlan: validate ND option lengths in vxlan_na_create

vxlan_na_create() walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR option payload.

Validate option lengths against the remaining NS option area before advancing, and only read source LLADDR when the option is large enough for an Ethernet address.

AnalysisAI

Denial of service in Linux kernel VXLAN module allows local authenticated attackers to crash the system via malformed IPv6 neighbor discovery options in vxlan_na_create(). A crafted ND option with incorrect length values can cause out-of-bounds access or undersized payload reads, triggering a kernel panic. EPSS exploitation probability is low at 0.02%, but the vulnerability is confirmed patched across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12).

Technical ContextAI

The VXLAN (Virtual Extensible LAN) module in the Linux kernel processes IPv6 Neighbor Advertisement (NA) messages containing Neighbor Discovery (ND) options. The vxlan_na_create() function parses these options by iterating through option blocks using length fields embedded in each option. The vulnerability stems from insufficient validation of these length fields before advancing the parser pointer or reading from option payloads. Specifically, a source LLADDR (Link-Layer Address) option with a length field smaller than required for an Ethernet address (6 bytes) could trigger out-of-bounds memory reads. Additionally, a malformed length value could cause the parser to advance beyond the bounds of the NS option area entirely. The CWE classification is not specified, but this pattern matches CWE-119 (improper restriction of operations within bounds of memory buffer) or CWE-125 (out-of-bounds read).

RemediationAI

Upgrade to patched kernel versions: 5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, or 6.19.12 for the respective stable branches. Systems on other versions should apply the upstream fix commit (901c1dd3bab2955d7e664f914c374c8c3ac2b958 or equivalent for each branch) available via git.kernel.org. The patch adds explicit length validation before parsing ND options and verifies that source LLADDR options contain sufficient payload for Ethernet addresses. No workarounds are available short of disabling VXLAN functionality entirely via module blacklisting (echo 'blacklist vxlan' >> /etc/modprobe.d/blacklist.conf and reboot), which may impact network virtualization deployments. See kernel git repository references for detailed patch content.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-26551 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy