CVE-2026-31417
Analyzed Analyzed - Analysis Complete
Integer Overflow in Linux Kernel X.25 Socket Fragment Handling

Publication date: 2026-04-13

Last updated on: 2026-05-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that `x25_sock.fraglen` does not overflow. The `fraglen` also needs to be resetted when purging `fragment_queue` in `x25_clear_queues()`.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-05-20
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31417
EUVD
EUVD-2026-21938
Affected Vendors & Products
Showing 19 associated CPEs
Vendor Product Version / Range
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.81 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.134 (exc)
linux linux_kernel From 2.6.12.1 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's net/x25 subsystem. It involves an overflow issue when accumulating packets. Specifically, the variable `x25_sock.fraglen` could overflow because there was no proper check in place. The fix adds a check to prevent this overflow and ensures that `fraglen` is reset when purging the fragment queue in the function `x25_clear_queues()`.

Impact Analysis

This vulnerability in the Linux kernel's net/x25 subsystem involves an overflow issue when accumulating packets due to improper handling of the fraglen field. If exploited, it could potentially lead to memory corruption or unexpected behavior in the kernel's packet processing, which might cause system instability or crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31417. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart