CVE-2026-31670
Published: April 25, 2026Last modified: May 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causing a potential out of memory situation. Prevent this from bounding the number of pending rfkill events at a "large" number (i.e. 1000) to prevent abuses like this.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.170-r0) |
| 25 LTS | linux-lts | Fixed (6.12.85-r0) | |
| Stream | linux-lts | Fixed (6.12.85-r0) |
References
- https://git.kernel.org/stable/c/4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4
- https://git.kernel.org/stable/c/673d2a3eef6e0ee9736501a150c9e4024a4e60a6
- https://git.kernel.org/stable/c/80ce4cb026f0a4c4532b6cad827b44debda6256a
- https://git.kernel.org/stable/c/82843afc19012a29ba863961ef494165aa1a88f4
- https://git.kernel.org/stable/c/a8c26800e0220e1550af012f5a20e50f5c78864d
- https://git.kernel.org/stable/c/b1e0c8d3ab58a0161db487bf5fc47adfcaf5d5ca
- https://git.kernel.org/stable/c/e3842779547c83150569071d9980517cc9029fc0
- https://git.kernel.org/stable/c/ea245d78dec594372e27d8c79616baf49e98a4a1