CVE-2026-31637

CRITICAL 9.8

rxrpc: reject undecryptable rxkad response tickets

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can therefore use a non-block-aligned ticket length, make the decrypt operation fail, and still drive the ticket parser with attacker-controlled bytes. Check the decrypt result and abort the connection with RXKADBADTICKET when ticket decryption fails.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Apr 24, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new critical vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

17926a79320afa9b95df6b977b40cca6d8713cea < 252157d939d179b5d767cb860ff8fa7f8723b67a 17926a79320afa9b95df6b977b40cca6d8713cea < a75b3b361dd481d942c5f259a82d59718a41092c 17926a79320afa9b95df6b977b40cca6d8713cea < b3a808cd0790b5075aaa2bc3588edf02cd71d352 17926a79320afa9b95df6b977b40cca6d8713cea < 47073aab8a3a5a7b41c9bd37d2a3dcbeeccd6c8a 17926a79320afa9b95df6b977b40cca6d8713cea < a149dcae23309df9de1c3b6b5d468610ef5ab7de 17926a79320afa9b95df6b977b40cca6d8713cea < 22f6258e7b31dba9bf88dce4e3ee7f0f20072e60 17926a79320afa9b95df6b977b40cca6d8713cea < 58fcd1b156152613ba00a064a129fb69507ddd7d 17926a79320afa9b95df6b977b40cca6d8713cea < fe4447cd95623b1cfacc15f280aab73a6d7340b2

Linux / Linux

2.6.22

References

NVD ↗ CVE.org ↗ EPSS Data ↗