4 matches found
CVE-2026-31635
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...
CVE-2026-31635 rxrpc: fix oversized RESPONSE authenticator length check
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...
EUVD-2026-25528
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...
CVE-2026-31635
CVE-2026-31635 affects the Linux kernel rxrpc component. The vulnerability stems from an inverted length check in rxgk_verify_response(), where oversized RESPONSE authenticators can be accepted and later cause a contradictory length that leads to a BUG_ON(len) in skb_to_sgvec(). This can crash th...