What is CVE-2026-31633?

CVE-2026-31633 is a critical-severity vulnerability in Linux. CVSS score: 9.8/10. Published 2026-04-24.

How severe is CVE-2026-31633?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Linux

CVE-2026-31633

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response() In rxgk_verify_response(), there's a potential integer overflow due to rounding up token_len before checking it, th…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linux — versions 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a, 6.16, 0

References

git.kernel.org/stable/c/1f864d9daaf622aeaa774404fd51e7d6a435b046
git.kernel.org/stable/c/c1e242beb6b1efc3c286f617e8d940c8fbf2ed41
git.kernel.org/stable/c/699e52180f4231c257821c037ed5c99d5eb0edb8

Frequently asked questions

What is CVE-2026-31633?: CVE-2026-31633 is a critical-severity vulnerability in Linux. CVSS score: 9.8/10. Published 2026-04-24.
How severe is CVE-2026-31633?: Critical severity. CVSS v3 base score is 9.8 out of 10.