CVE-2026-31685
CRITICAL EPSS 25.6%
Published Apr 25, 2026 · Modified Jun 17, 2026
9.4 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_eui64: reject invalid MAC header for all packets

`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address.

The existing guard only rejects an invalid MAC header when `par->fragoff != 0`. For packets with `par->fragoff == 0`, `eui64_mt6()` can still reach `eth_hdr(skb)` even when the MAC header is not valid.

Fix this by removing the `par->fragoff != 0` condition so that packets with an invalid MAC header are rejected before accessing `eth_hdr(skb)`.
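
The guard logic described above, as an added userspace model (not kernel source and not part of the advisory): it contrasts the pre-fix condition with the fixed one and carries out the EUI-64 comparison. The `struct pkt` layout, the validity test, the verdict names and the sample frame are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14
enum verdict { NO_MATCH, MATCH, REJECT, UNSAFE_READ };
/* Userspace stand-in for the packet fields the guard inspects (hypothetical names). */
struct pkt {
    const uint8_t *head;   /* start of the buffer */
    long mac_off;          /* MAC header offset; negative means "not set" */
    long data_off;         /* offset of the IPv6 header */
    unsigned int fragoff;  /* fragment offset, as in par->fragoff */
};
/* Constructed sample: 14-byte Ethernet header followed by a 40-byte IPv6 header. */
static const uint8_t sample[54] = {
    [6]  = 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,             /* Ethernet source */
    [30] = 0x02, 0x11, 0x22, 0xff, 0xfe, 0x33, 0x44, 0x55, /* low 64 bits of IPv6 source */
};

static bool mac_header_valid(const struct pkt *p)
{
    return p->mac_off >= 0 && p->mac_off + ETH_HLEN <= p->data_off;
}

/* Modified EUI-64: OUI, ff:fe, NIC bytes, universal/local bit inverted. */
static void eui64_from_mac(const uint8_t mac[6], uint8_t out[8])
{
    memcpy(out, mac, 3);
    out[3] = 0xff; out[4] = 0xfe;
    memcpy(out + 5, mac + 3, 3);
    out[0] ^= 0x02;
}

/* fixed_guard=false models the old condition, which also required fragoff != 0. */
static enum verdict eui64_match(const struct pkt *p, bool fixed_guard)
{
    uint8_t eui[8];
    if (!mac_header_valid(p)) /* UNSAFE_READ: the model stops instead of reading the header */
        return (fixed_guard || p->fragoff != 0) ? REJECT : UNSAFE_READ;
    eui64_from_mac(p->head + p->mac_off + 6, eui);
    return memcmp(p->head + p->data_off + 16, eui, 8) == 0 ? MATCH : NO_MATCH;
}

int main(void)
{
    struct pkt no_mac = { sample, -1, 14, 0 };
    printf("old=%d fixed=%d\n", eui64_match(&no_mac, false), eui64_match(&no_mac, true));
    return 0;
}
```
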
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Low
Availability High
Threat Intelligence
EPSS Exploit Probability
25.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 16
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥2.6.12.1 – <6.6.136 |
| linux | linux_kernel | * | ≥6.7 – <6.12.83 |
| linux | linux_kernel | * | ≥6.13 – <6.18.24 |
| linux | linux_kernel | * | ≥6.19 – <6.19.14 |
| linux | linux_kernel | 2.6.12 | any |
| linux | linux_kernel | 2.6.12 | any |
| linux | linux_kernel | 2.6.12 | any |
| linux | linux_kernel | 2.6.12 | any |
| linux | linux_kernel | 2.6.12 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
References 8
- git.kernel.org https://git.kernel.org/stable/c/288138418bef956f8b295751a4536c60f0e89f4a
- git.kernel.org https://git.kernel.org/stable/c/309ae3e9a51a69699ca94eac5fac5688fa562d55
- git.kernel.org https://git.kernel.org/stable/c/4d75bc2cd093bf5803edf512c099bfb220fd6459
- git.kernel.org https://git.kernel.org/stable/c/7d6a57411caf54df025860c9b1a82cd42d57a562
- git.kernel.org https://git.kernel.org/stable/c/807d6ee15804df6f01a35c910f09612e858739a6
- git.kernel.org https://git.kernel.org/stable/c/9eda5478746ef7dc0e4e537b5a5e4b0ca1027091
- git.kernel.org https://git.kernel.org/stable/c/d5603591373441fecf9951833d6d873e09320f08
- git.kernel.org https://git.kernel.org/stable/c/fdce0b3590f724540795b874b4c8850c90e6b0a8
Remediation
- git.kernel.org https://git.kernel.org/stable/c/288138418bef956f8b295751a4536c60f0e89f4a
- git.kernel.org https://git.kernel.org/stable/c/309ae3e9a51a69699ca94eac5fac5688fa562d55
- git.kernel.org https://git.kernel.org/stable/c/807d6ee15804df6f01a35c910f09612e858739a6
- git.kernel.org https://git.kernel.org/stable/c/9eda5478746ef7dc0e4e537b5a5e4b0ca1027091
- git.kernel.org https://git.kernel.org/stable/c/fdce0b3590f724540795b874b4c8850c90e6b0a8