CVE-2026-31682
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
25/04/2026
Última modificación:
25/04/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
bridge: br_nd_send: linearize skb before parsing ND options<br />
<br />
br_nd_send() parses neighbour discovery options from ns->opt[] and<br />
assumes that these options are in the linear part of request.<br />
<br />
Its callers only guarantee that the ICMPv6 header and target address<br />
are available, so the option area can still be non-linear. Parsing<br />
ns->opt[] in that case can access data past the linear buffer.<br />
<br />
Linearize request before option parsing and derive ns from the linear<br />
network header.
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/2ba4caba423ed94d63006eb1d2227b0332ab7fcd
- https://git.kernel.org/stable/c/3a30f6469b058574f49efde61cd6f5d79e576053
- https://git.kernel.org/stable/c/4f397b950c916e9a1f8a4fce04ea0110206cad47
- https://git.kernel.org/stable/c/658261898130da620fc3d0fbb0523efb3366cb55
- https://git.kernel.org/stable/c/9c55e41c73af5c4511070933b1bd25248521270c
- https://git.kernel.org/stable/c/a01aee7cafc575bb82f5529e8734e7052f9b16ea
- https://git.kernel.org/stable/c/bd91ec85aa4c77d645bd2739fc56784157a88ca2
- https://git.kernel.org/stable/c/c68433fd291c9e88c00292095172c62d1997d662