CVE-2026-31636

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

CVE-2026-31636

Summary: CVE-2026-31636 affects the Linux kernel rxrpc subsystem. The root cause is in rxgk_verify_authenticator(), which copies auth_len into a temporary buffer and then uses p + auth_len as the parser limit. Because p is a __be32*, this inflates the parser end pointer by four, enabling a slab-o...

CVE-2026-31635 rxrpc: fix oversized RESPONSE authenticator length check

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...

EUVD-2026-25528

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...

CVE-2026-31635 rxrpc: fix oversized RESPONSE authenticator length check

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...

CVE-2026-31635

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...

CVE-2026-31635

CVE-2026-31635 affects the Linux kernel rxrpc component. The vulnerability stems from an inverted length check in rxgk_verify_response(), where oversized RESPONSE authenticators can be accepted and later cause a contradictory length that leads to a BUG_ON(len) in skb_to_sgvec(). This can crash th...

CVE-2026-31635

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...

CVE-2026-31631

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

EUVD-2026-25524

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

CVE-2026-31631 rxrpc: Fix buffer overread in rxgk_do_verify_authenticator()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

CVE-2026-31631

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

PT-2026-34988

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk verify authenticator copies auth len bytes into a temporary buffer and then passes p + auth len as the parser limit to rxgk do verify authenticator. Since p is a be32 , that...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rxgkverifyauthenticator function’s handling of pointers as be32 types. This leads to the pars...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rxgkdoverifyauthenticator function not verifying the buffer size before checking the nonce,...

PT-2026-34983

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgk do verify authenticator Fix rxgk do verify authenticator to check the buffer size before checking the nonce...

An Analysis of Attack Vectors against FIDO2 Authentication

Phishing attacks remain one of the most prevalent threats to online security, with the Anti-Phishing Working Group reporting over 890,000 attacks in Q3 2025 alone. Traditional password-based authentication is particularly vulnerable to such attacks, prompting the development of more secure...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the TokenAuthenticator process. An attacker can determine valid usernames by measuring response time differences when submitting authentication requests with the X-AUTH-USER header. Remediation Upgrade kimai/kimai to...

SUSE CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...

GHSA-R7P8-XQ5M-436C Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables

Description as reported A security vulnerability has been identified in Jetty's JaspiAuthenticator.java. The root cause is a failure to consistently clear authentication metadata stored in ThreadLocal during certain error or incomplete authentication flows. Specifically, after a...