CVE-2026-31682

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bridge: br_nd_send: linearize skb before parsing ND options<br /> <br /> br_nd_send() parses neighbour discovery options from ns-&gt;opt[] and<br /> assumes that these options are in the linear part of request.<br /> <br /> Its callers only guarantee that the ICMPv6 header and target address<br /> are available, so the option area can still be non-linear. Parsing<br /> ns-&gt;opt[] in that case can access data past the linear buffer.<br /> <br /> Linearize request before option parsing and derive ns from the linear<br /> network header.