CVE-2026-31641

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A heap buffer overflow exists in the rxrpc preparse xdr yfs rxgk() function. The issue occurs because the raw key length and ticket length are read as u32 values and processed through round up(x, 4) before validation and allocation. If the raw length is 0xfffffffd or greater, the rounding operation wraps to 0, causing the bounds check and kzalloc to use 0. Subsequently, memcpy uses the original value of approximately 4 GiB, leading to the overflow. This can be triggered by an unprivileged add key() call.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.