CVE-2026-31738 (GCVE-0-2026-31738)
Vulnerability from cvelistv5
Published
2026-05-01 14:14
Modified
2026-05-01 14:14
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: vxlan: validate ND option lengths in vxlan_na_create vxlan_na_create() walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR option payload. Validate option lengths against the remaining NS option area before advancing, and only read source LLADDR when the option is large enough for an Ethernet address.
References
Impacted products
Vendor Product Version
Linux Linux Version: 4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa
Version: 4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa
Version: 4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa
Version: 4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa
Version: 4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa
Version: 4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa
Version: 4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa
Version: 4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa
Version: d8be18c52dbc94989f6d74637b731af39cd3d902
Version: 3927dace523706cc00f808520eaf2125dd7c07b5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/vxlan/vxlan_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "901c1dd3bab2955d7e664f914c374c8c3ac2b958",
              "status": "affected",
              "version": "4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa",
              "versionType": "git"
            },
            {
              "lessThan": "e476745917a1e288eb15e7ff49d286a86a4861d3",
              "status": "affected",
              "version": "4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa",
              "versionType": "git"
            },
            {
              "lessThan": "2029712fb2c87e9a8c75094906f2ee29bf08c500",
              "status": "affected",
              "version": "4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa",
              "versionType": "git"
            },
            {
              "lessThan": "602596c69a70e50d9ab8c6ae0290a01f88229dd7",
              "status": "affected",
              "version": "4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa",
              "versionType": "git"
            },
            {
              "lessThan": "de20d2e3b9179d132f5f5b44e490d7c916c6321b",
              "status": "affected",
              "version": "4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa",
              "versionType": "git"
            },
            {
              "lessThan": "eddfce70a6f3107d1679b0c2fcbeb96b593bd679",
              "status": "affected",
              "version": "4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa",
              "versionType": "git"
            },
            {
              "lessThan": "b69c4236255bd8de16cd876e58c6f0867d1d78b1",
              "status": "affected",
              "version": "4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa",
              "versionType": "git"
            },
            {
              "lessThan": "afa9a05e6c4971bd5586f1b304e14d61fb3d9385",
              "status": "affected",
              "version": "4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d8be18c52dbc94989f6d74637b731af39cd3d902",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3927dace523706cc00f808520eaf2125dd7c07b5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/vxlan/vxlan_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "lessThan": "3.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.12.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.13.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: validate ND option lengths in vxlan_na_create\n\nvxlan_na_create() walks ND options according to option-provided\nlengths. A malformed option can make the parser advance beyond the\ncomputed option span or use a too-short source LLADDR option payload.\n\nValidate option lengths against the remaining NS option area before\nadvancing, and only read source LLADDR when the option is large enough\nfor an Ethernet address."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-01T14:14:34.900Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/901c1dd3bab2955d7e664f914c374c8c3ac2b958"
        },
        {
          "url": "https://git.kernel.org/stable/c/e476745917a1e288eb15e7ff49d286a86a4861d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/2029712fb2c87e9a8c75094906f2ee29bf08c500"
        },
        {
          "url": "https://git.kernel.org/stable/c/602596c69a70e50d9ab8c6ae0290a01f88229dd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/de20d2e3b9179d132f5f5b44e490d7c916c6321b"
        },
        {
          "url": "https://git.kernel.org/stable/c/eddfce70a6f3107d1679b0c2fcbeb96b593bd679"
        },
        {
          "url": "https://git.kernel.org/stable/c/b69c4236255bd8de16cd876e58c6f0867d1d78b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/afa9a05e6c4971bd5586f1b304e14d61fb3d9385"
        }
      ],
      "title": "vxlan: validate ND option lengths in vxlan_na_create",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31738",
    "datePublished": "2026-05-01T14:14:34.900Z",
    "dateReserved": "2026-03-09T15:48:24.138Z",
    "dateUpdated": "2026-05-01T14:14:34.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.