PT-2026-36326 · Linux · Linux Kernel

Published: 2026-05-01 · Updated: 2026-06-02 · CVE-2026-31696

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

In the rxrpc_preparse() function, the non-XDR path for parsing key payloads (used for payloads 28 bytes or smaller) fails to validate the ticket length against AFSTOKEN_RK_TIX_MAX. This differs from the XDR path, which performs this validation correctly. An unprivileged user can provide an excessively large ticket length, which causes the total token size calculation in the rxrpc_read() function to exceed AFSTOKEN_LENGTH_MAX, resulting in a system warning.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-31696
ECHO-93EE-8082-FBDD
OPENSUSE-SU-2026:10793-1

Affected Products

Linux Kernel