CVE-2026-31679
Improper Payload Validation in Linux Open vSwitch MPLS Actions
Publication date: 2026-04-25
Last updated on: 2026-04-27
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openvswitch | openvswitch | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's openvswitch component, specifically in how it validates MPLS (Multiprotocol Label Switching) set and set_masked payload lengths.
The function validate_set() incorrectly accepted OVS_KEY_ATTR_MPLS as a variable-sized payload for SET and SET_MASKED actions, while openvswitch expects a fixed-size MPLS key data structure (struct ovs_key_mpls).
This mismatch could allow invalid MPLS action payload lengths to be processed, potentially leading to unexpected behavior.
The fix uses the already normalized key length (which also covers masked cases) and rejects any MPLS action key size that does not match the expected fixed size, so invalid MPLS action payload lengths are rejected early.
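The length check before and after the fix, as an added user-space model (not kernel code and not from the original page). All names are hypothetical; it assumes the MPLS key is a single 32-bit label stack entry and that a masked payload is the key followed by an equally sized mask.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for struct ovs_key_mpls (assumed: one 32-bit label stack entry). */
struct model_mpls_key { uint32_t lse; };

#define MODEL_LEN_VARIABLE ((size_t)-1) /* hypothetical "any length" marker */

/* Assumed layout: a masked payload is key then mask, so the key is half. */
static size_t normalized_key_len(size_t payload_len, bool masked)
{
    return masked ? payload_len / 2 : payload_len;
}

/* Before the fix: MPLS is treated as variable-sized, so any length passes. */
static int mpls_set_len_before(size_t payload_len, bool masked)
{
    size_t expected = MODEL_LEN_VARIABLE;
    size_t key_len = normalized_key_len(payload_len, masked);
    return (expected == MODEL_LEN_VARIABLE || key_len == expected) ? 0 : -EINVAL;
}

/* After the fix: the normalized key length must equal the fixed key size. */
static int mpls_set_len_after(size_t payload_len, bool masked)
{
    /* Extra strictness of this model (not from the page): an odd masked
     * payload cannot split into equal key and mask halves. */
    if (masked && (payload_len % 2) != 0)
        return -EINVAL;
    if (normalized_key_len(payload_len, masked) != sizeof(struct model_mpls_key))
        return -EINVAL;
    return 0;
}

int main(void)
{
    const size_t lens[] = { 4, 8, 0, 12, 9 }; /* constructed payload lengths */

    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        for (int masked = 0; masked <= 1; masked++)
            printf("len=%2zu masked=%d before=%d after=%d\n", lens[i], masked,
                   mpls_set_len_before(lens[i], masked),
                   mpls_set_len_after(lens[i], masked));
    return 0;
}
```

An 8-byte payload is valid only when masked and a 4-byte payload only when unmasked, which is why the comparison has to use the normalized length rather than the raw attribute length.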
How can this vulnerability impact me?
This vulnerability involves improper validation of MPLS payload lengths in the openvswitch component of the Linux kernel. Specifically, the validate_set() function accepted variable-sized MPLS payloads where fixed-size data was expected, potentially allowing invalid MPLS action payloads to be processed.
The impact could include unexpected behavior or errors in network packet processing within openvswitch, which might lead to instability or incorrect handling of network traffic.