VDB
DEBIAN-CVE-2026-31637
DEBIAN-CVE-2026-31637
PUBLISHED
CVSS 9.800000190734863 CRITICAL
In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can therefore use a non-block-aligned ticket length, make the decrypt operation fail, and still drive the ticket parser with attacker-controlled bytes. Check the decrypt result and abort the connection with RXKADBADTICKET when ticket decryption fails.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, 6.12.74-2, 6.12.74-2 |
| Debian:11 | linux | 7.0.1-1, 5.17~rc3-1~exp1, 5.17~rc5-1~exp1 |
| Debian:14 | linux | 6.16.9-1, 6.16~rc7-1~exp1, 6.17.11-1 |
| Debian:12 | linux | 6.4~rc6-1~exp1, 6.4~rc7-1~exp1, 6.5.1-1~exp1 |
Exploit Intelligence
- 4694.0.0.yml (github-poc)
Timeline
- Apr 24, 2026 CVE Published
- Apr 30, 2026 CVE Updated