CVE-2026-31752 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

bridge: br_nd_send: validate ND option lengths

br_nd_send() walks ND options according to option-provided lengths.
A malformed option can make the parser advance beyond the computed
option span or use a too-short source LLADDR option payload.

Validate option lengths against the remaining NS option area before
advancing, and only read source LLADDR when the option is large enough
for an Ethernet address.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ed842faeb2bd49256f00485402f3113205f91d30`	affected	< 82a42eceec7c6bdb0e0da94c0542a173b7ea57f2
`ed842faeb2bd49256f00485402f3113205f91d30`	affected	< 259466f76f5a2148aff11134e68f4b4c6d52725b
`ed842faeb2bd49256f00485402f3113205f91d30`	affected	< ee02d8991fd7bd86ed6ebd0deb4aab53feb0e43a
`ed842faeb2bd49256f00485402f3113205f91d30`	affected	< e0bfd6d4dc77ab345b6c65eef0cfe9b2f69085aa
`ed842faeb2bd49256f00485402f3113205f91d30`	affected	< c49b9256bbacb6a135654aebd12e4c0e87166b7c
`ed842faeb2bd49256f00485402f3113205f91d30`	affected	< 837392a38445729c22e03d3abcf33f07763efd85
`ed842faeb2bd49256f00485402f3113205f91d30`	affected	< e71303a9190496136e240c4f2872b7b0b16027a7
`ed842faeb2bd49256f00485402f3113205f91d30`	affected	< 850837965af15707fd3142c1cf3c5bfaf022299b

Linux

affected

Version	Status	Constraints
`4.15`	affected	—
`0`	unaffected	< 4.15
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.134`	unaffected	≤ 6.6.*
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-4561-1	linux-6.1 security update
Debian DSA	DSA-6243-1	linux security update

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/259466f76f5a2148aff11134e68f4b4c6d52725b
https://git.kernel.org/stable/c/82a42eceec7c6bdb0e0da94c0542a173b7ea57f2
https://git.kernel.org/stable/c/837392a38445729c22e03d3abcf33f07763efd85
https://git.kernel.org/stable/c/850837965af15707fd3142c1cf3c5bfaf022299b
https://git.kernel.org/stable/c/c49b9256bbacb6a135654aebd12e4c0e87166b7c
https://git.kernel.org/stable/c/e0bfd6d4dc77ab345b6c65eef0cfe9b2f69085aa
https://git.kernel.org/stable/c/e71303a9190496136e240c4f2872b7b0b16027a7
https://git.kernel.org/stable/c/ee02d8991fd7bd86ed6ebd0deb4aab53feb0e43a
https://lore.kernel.org/linux-cve-announce/2026050143-CVE-2026-31752-5596@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31752
https://www.cve.org/CVERecord?id=CVE-2026-31752

History

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-805
References		https://lore.kernel.org/linux-cve-announce/2026050143-CVE-2026-31752-5596@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31752 https://www.cve.org/CVERecord?id=CVE-2026-31752
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: validate ND option lengths br_nd_send() walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR option payload. Validate option lengths against the remaining NS option area before advancing, and only read source LLADDR when the option is large enough for an Ethernet address.
Title		bridge: br_nd_send: validate ND option lengths
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/259466f76f5a2148aff11134e68f4b4c6d52725b https://git.kernel.org/stable/c/82a42eceec7c6bdb0e0da94c0542a173b7ea57f2 https://git.kernel.org/stable/c/837392a38445729c22e03d3abcf33f07763efd85 https://git.kernel.org/stable/c/850837965af15707fd3142c1cf3c5bfaf022299b https://git.kernel.org/stable/c/c49b9256bbacb6a135654aebd12e4c0e87166b7c https://git.kernel.org/stable/c/e0bfd6d4dc77ab345b6c65eef0cfe9b2f69085aa https://git.kernel.org/stable/c/e71303a9190496136e240c4f2872b7b0b16027a7 https://git.kernel.org/stable/c/ee02d8991fd7bd86ed6ebd0deb4aab53feb0e43a

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:14:44.298Z

Updated: 2026-05-01T14:14:44.298Z

Reserved: 2026-03-09T15:48:24.139Z

Link: CVE-2026-31752

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:38.090

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31752

Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31752 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T07:30:36Z

Weaknesses

CWE-805

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object