{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31738","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.138Z","datePublished":"2026-05-01T14:14:34.900Z","dateUpdated":"2026-05-11T22:14:48.439Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:14:48.439Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: validate ND option lengths in vxlan_na_create\n\nvxlan_na_create() walks ND options according to option-provided\nlengths. A malformed option can make the parser advance beyond the\ncomputed option span or use a too-short source LLADDR option payload.\n\nValidate option lengths against the remaining NS option area before\nadvancing, and only read source LLADDR when the option is large enough\nfor an Ethernet address."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/vxlan/vxlan_core.c"],"versions":[{"version":"4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa","lessThan":"901c1dd3bab2955d7e664f914c374c8c3ac2b958","status":"affected","versionType":"git"},{"version":"4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa","lessThan":"e476745917a1e288eb15e7ff49d286a86a4861d3","status":"affected","versionType":"git"},{"version":"4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa","lessThan":"2029712fb2c87e9a8c75094906f2ee29bf08c500","status":"affected","versionType":"git"},{"version":"4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa","lessThan":"602596c69a70e50d9ab8c6ae0290a01f88229dd7","status":"affected","versionType":"git"},{"version":"4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa","lessThan":"de20d2e3b9179d132f5f5b44e490d7c916c6321b","status":"affected","versionType":"git"},{"version":"4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa","lessThan":"eddfce70a6f3107d1679b0c2fcbeb96b593bd679","status":"affected","versionType":"git"},{"version":"4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa","lessThan":"b69c4236255bd8de16cd876e58c6f0867d1d78b1","status":"affected","versionType":"git"},{"version":"4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa","lessThan":"afa9a05e6c4971bd5586f1b304e14d61fb3d9385","status":"affected","versionType":"git"},{"version":"d8be18c52dbc94989f6d74637b731af39cd3d902","status":"affected","versionType":"git"},{"version":"3927dace523706cc00f808520eaf2125dd7c07b5","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/vxlan/vxlan_core.c"],"versions":[{"version":"3.14","status":"affected"},{"version":"0","lessThan":"3.14","status":"unaffected","versionType":"semver"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.134","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.81","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14","versionEndExcluding":"5.10.253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14","versionEndExcluding":"6.1.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14","versionEndExcluding":"6.6.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14","versionEndExcluding":"6.12.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14","versionEndExcluding":"6.18.22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14","versionEndExcluding":"6.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14","versionEndExcluding":"7.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/901c1dd3bab2955d7e664f914c374c8c3ac2b958"},{"url":"https://git.kernel.org/stable/c/e476745917a1e288eb15e7ff49d286a86a4861d3"},{"url":"https://git.kernel.org/stable/c/2029712fb2c87e9a8c75094906f2ee29bf08c500"},{"url":"https://git.kernel.org/stable/c/602596c69a70e50d9ab8c6ae0290a01f88229dd7"},{"url":"https://git.kernel.org/stable/c/de20d2e3b9179d132f5f5b44e490d7c916c6321b"},{"url":"https://git.kernel.org/stable/c/eddfce70a6f3107d1679b0c2fcbeb96b593bd679"},{"url":"https://git.kernel.org/stable/c/b69c4236255bd8de16cd876e58c6f0867d1d78b1"},{"url":"https://git.kernel.org/stable/c/afa9a05e6c4971bd5586f1b304e14d61fb3d9385"}],"title":"vxlan: validate ND option lengths in vxlan_na_create","x_generator":{"engine":"bippy-1.2.0"}}}}