DEBIAN-CVE-2026-31685
PUBLISHED
CVSS 9.4 CRITICAL

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_eui64: reject invalid MAC header for all packets

`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address.

The existing guard only rejects an invalid MAC header when `par->fragoff != 0`. For packets with `par->fragoff == 0`, `eui64_mt6()` can still reach `eth_hdr(skb)` even when the MAC header is not valid.

Fix this by removing the `par->fragoff != 0` condition so that packets with an invalid MAC header are rejected before accessing `eth_hdr(skb)`.
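The guard change described above, as an added userspace model (not the kernel's code and not part of the original advisory). `struct pkt_model`, its fields and all function names are hypothetical, and the kernel's MAC header bounds check is reduced to a single boolean.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical userspace stand-in; not the kernel's sk_buff or xt_action_param. */
struct pkt_model {
    bool mac_header_valid;   /* outcome of the MAC header validity check */
    unsigned int fragoff;    /* models par->fragoff */
    uint8_t eth_src[6];      /* Ethernet source address */
    uint8_t ip6_src[16];     /* IPv6 source address */
};

/* Modified EUI-64: insert ff:fe between the MAC halves, flip the U/L bit. */
static void derive_eui64(const uint8_t mac[6], uint8_t out[8])
{
    memcpy(out, mac, 3);
    out[3] = 0xff;
    out[4] = 0xfe;
    memcpy(out + 5, mac + 3, 3);
    out[0] ^= 0x02;
}

/* Guard as described before the fix: rejects only when fragoff != 0. */
static bool guard_rejects_before(const struct pkt_model *p)
{
    return !p->mac_header_valid && p->fragoff != 0;
}

/* Guard as described after the fix: rejects every invalid MAC header. */
static bool guard_rejects_after(const struct pkt_model *p)
{
    return !p->mac_header_valid;
}

/* Returns 1 on match, 0 on no match, -1 when the guard rejects the packet. */
int eui64_match_model(const struct pkt_model *p, bool fixed)
{
    uint8_t eui64[8];

    if (fixed ? guard_rejects_after(p) : guard_rejects_before(p))
        return -1;
    derive_eui64(p->eth_src, eui64);   /* stands in for the eth_hdr(skb) read */
    return memcmp(p->ip6_src + 8, eui64, sizeof(eui64)) == 0;
}

/* Constructed sample: invalid MAC header with fragoff == 0. */
const struct pkt_model sample_invalid = { false, 0, {0}, {0} };

int main(void) { return eui64_match_model(&sample_invalid, true) == -1 ? 0 : 1; }
```

With `fixed` set to false, the constructed sample passes the guard and reaches the header read; with `fixed` set to true, it is rejected first.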
Risk Scores
CVSS v3.1
9.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 6.10.6-1, 7.0.1-1, 7.0-1 |
| Debian:11 | linux | 7.0.1-1, 6.1.4-1, 6.1.52-1 |
| Debian:14 | linux | 6.14.5-1~exp1, 6.19, 6.19 |
| Debian:13 | linux | 6.12.38-1, 6.12.41-1, 6.12.43-1~bpo12+1 |
Timeline
- Apr 25, 2026 CVE Published
- May 1, 2026 CVE Updated