VDB

CVE-2026-31682

CVE-2026-31682 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and assumes that these options are in the linear part of request. Its callers only guarantee that the ICMPv6 header and target address are available, so the option area can still be non-linear. Parsing ns->opt[] in that case can access data past the linear buffer. Linearize request before option parsing and derive ns from the linear network header.

EPSS 0.09% · 24.9th percentile

Risk Scores

EPSS Score
0.09%
24.9th percentile

Affected Products

VendorProductVersions
LinuxLinux5.10.253, 6.1.168, 6.6.134
linuxlinux_kernel4.15, 4.15, 4.15

Timeline

  • Apr 25, 2026 CVE Published
  • Apr 25, 2026 PoC Published
  • Apr 27, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score

References

…and 57 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›