VDB

DEBIAN-CVE-2026-31637

DEBIAN-CVE-2026-31637 PUBLISHED CVSS 9.800000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can therefore use a non-block-aligned ticket length, make the decrypt operation fail, and still drive the ticket parser with attacker-controlled bytes. Check the decrypt result and abort the connection with RXKADBADTICKET when ticket decryption fails.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:13linux0, 6.12.74-2, 6.12.74-2
Debian:11linux7.0.1-1, 5.17~rc3-1~exp1, 5.17~rc5-1~exp1
Debian:14linux6.16.9-1, 6.16~rc7-1~exp1, 6.17.11-1
Debian:12linux6.4~rc6-1~exp1, 6.4~rc7-1~exp1, 6.5.1-1~exp1

Exploit Intelligence

Timeline

  • Apr 24, 2026 CVE Published
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›