CVE-2026-31637 · CRITICAL 9.8 · EPSS percentile 39.6%

linux / linux_kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: reject undecryptable rxkad response tickets

rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can therefore use a non-block-aligned ticket length, make the decrypt operation fail, and still drive the ticket parser with attacker-controlled bytes.

Check the decrypt result and abort the connection with RXKADBADTICKET when ticket decryption fails.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% probability of exploitation · percentile 39.6% · 2026-06-18T12:00:27Z
Published: 2026-04-24
Last modified: 2026-06-01

References

  1. https://git.kernel.org/stable/c/22f6258e7b31dba9bf88dce4e3ee7f0f20072e60
  2. https://git.kernel.org/stable/c/47073aab8a3a5a7b41c9bd37d2a3dcbeeccd6c8a
  3. https://git.kernel.org/stable/c/58fcd1b156152613ba00a064a129fb69507ddd7d
  4. https://git.kernel.org/stable/c/a149dcae23309df9de1c3b6b5d468610ef5ab7de
  5. https://git.kernel.org/stable/c/fe4447cd95623b1cfacc15f280aab73a6d7340b2

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-31696
  2. CVE-2026-31631
  3. CVE-2026-31676
  4. CVE-2026-31633
  5. CVE-2026-31634
  6. CVE-2026-31636

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.