Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can therefore use a non-block-aligned ticket length, make the decrypt operation fail, and still drive the ticket parser with attacker-controlled bytes. Check the decrypt result and abort the connection with RXKADBADTICKET when ticket decryption fails.

INFO

Published Date :

2026-04-24T14:44:51.364Z

Last Modified :

2026-04-27T14:04:36.600Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31637 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31637.

URL Resource
https://git.kernel.org/stable/c/22f6258e7b31dba9bf88dce4e3ee7f0f20072e60 cve-icon cve-icon
https://git.kernel.org/stable/c/47073aab8a3a5a7b41c9bd37d2a3dcbeeccd6c8a cve-icon cve-icon
https://git.kernel.org/stable/c/58fcd1b156152613ba00a064a129fb69507ddd7d cve-icon cve-icon
https://git.kernel.org/stable/c/a149dcae23309df9de1c3b6b5d468610ef5ab7de cve-icon cve-icon
https://git.kernel.org/stable/c/fe4447cd95623b1cfacc15f280aab73a6d7340b2 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026042455-CVE-2026-31637-0433@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31637 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31637 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact