CVE-2026-31637

EUVD-2026-25530

24.04.2026, 15:16

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: reject undecryptable rxkad response tickets

rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then
parses the buffer as plaintext without checking whether
crypto_skcipher_decrypt() succeeded.

A malformed RESPONSE can therefore use a non-block-aligned ticket
length, make the decrypt operation fail, and still drive the ticket
parser with attacker-controlled bytes.

Check the decrypt result and abort the connection with RXKADBADTICKET
when ticket decryption fails.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

References

https://git.kernel.org/stable/c/22f6258e7b31dba9bf88dce4e3ee7f0f20072e60

https://git.kernel.org/stable/c/47073aab8a3a5a7b41c9bd37d2a3dcbeeccd6c8a

https://git.kernel.org/stable/c/58fcd1b156152613ba00a064a129fb69507ddd7d

https://git.kernel.org/stable/c/a149dcae23309df9de1c3b6b5d468610ef5ab7de

https://git.kernel.org/stable/c/fe4447cd95623b1cfacc15f280aab73a6d7340b2