CVE-2026-31670
Description
In the Linux kernel, the following vulnerability has been resolved:
net: rfkill: prevent unlimited numbers of rfkill events from being created
Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causing a potential out of memory situation. Prevent this by bounding the number of pending rfkill events at a "large" number (i.e. 1000) to prevent abuses like this.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, the rfkill event queue lacks a limit, allowing userspace to exhaust memory by flooding events without reading them.
Vulnerability
Details
The Linux kernel's rfkill subsystem allows userspace to create an unlimited number of rfkill events when the system is configured appropriately. If userspace does not consume these events from the rfkill file descriptor, the kernel can accumulate an unbounded number of pending events, potentially leading to an out-of-memory (OOM) condition. The fix introduces a limit of 1000 pending events to prevent abuse [1].
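A userspace C model of the bound described above, added here as an illustration; it is not the kernel patch or code from the cited references. The struct and function names are hypothetical, and rejecting an event once 1000 are pending is an assumption, since the page does not say what the kernel does at the limit.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_PENDING_EVENTS 1000 /* the bound quoted in the CVE description */
struct event { struct event *next; unsigned idx; };
/* Hypothetical stand-in for one descriptor's list of unread events. */
struct reader { struct event *head, *tail; size_t pending; };

/* Queue one event; bounded == false models the behaviour before the fix.
 * Assumption: an event arriving while the list is full is rejected. */
static bool reader_queue(struct reader *r, unsigned idx, bool bounded)
{
    if (bounded && r->pending >= MAX_PENDING_EVENTS) return false;
    struct event *ev = calloc(1, sizeof(*ev));
    if (!ev) return false;
    ev->idx = idx;
    if (r->tail) r->tail->next = ev; else r->head = ev;
    r->tail = ev;
    r->pending++;
    return true;
}

/* Consume the oldest event, as a read on the descriptor would. */
static bool reader_consume(struct reader *r, unsigned *idx)
{
    struct event *ev = r->head;
    if (!ev) return false;
    r->head = ev->next;
    if (!r->head) r->tail = NULL;
    *idx = ev->idx;
    free(ev);
    r->pending--;
    return true;
}

/* Generate n events with no reads; return how many are left pending. */
static size_t pending_after_burst(size_t n, bool bounded)
{
    struct reader r = {0};
    unsigned idx;
    for (size_t i = 0; i < n; i++) reader_queue(&r, (unsigned)i, bounded);
    size_t pending = r.pending;
    while (reader_consume(&r, &idx)) { } /* free the model's list */
    return pending;
}

int main(void)
{
    printf("unbounded: %zu pending, bounded: %zu pending\n",
           pending_after_burst(5000, false), pending_after_burst(5000, true));
}
```

Without the bound, the pending count (and the memory behind it) tracks the number of events generated; with it, the count stops at 1000 until the reader consumes something.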
Exploitation
An attacker with local access and the ability to generate rfkill events (e.g., through /dev/rfkill or netlink) can exploit this by rapidly creating events without reading them. The attack requires no special privileges beyond the ability to interact with the rfkill interface, depending on system configuration. The vulnerability is triggered purely by event generation and lack of consumption.
Impact
Successful exploitation can exhaust system memory, leading to denial of service (DoS) through system instability or crash. The CVSS v3 score of 5.5 (Medium) reflects the local attack vector and availability impact.
Mitigation
The fix has been applied in the Linux kernel stable tree, bounding pending rfkill events to 1000 [1]. Users should update to a kernel version that includes this commit. No workaround is documented.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* range: >=2.6.31.1,<5.10.253
- cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4 (nvd, Patch)
- git.kernel.org/stable/c/673d2a3eef6e0ee9736501a150c9e4024a4e60a6 (nvd, Patch)
- git.kernel.org/stable/c/80ce4cb026f0a4c4532b6cad827b44debda6256a (nvd, Patch)
- git.kernel.org/stable/c/82843afc19012a29ba863961ef494165aa1a88f4 (nvd, Patch)
- git.kernel.org/stable/c/a8c26800e0220e1550af012f5a20e50f5c78864d (nvd, Patch)
- git.kernel.org/stable/c/b1e0c8d3ab58a0161db487bf5fc47adfcaf5d5ca (nvd, Patch)
- git.kernel.org/stable/c/e3842779547c83150569071d9980517cc9029fc0 (nvd, Patch)
- git.kernel.org/stable/c/ea245d78dec594372e27d8c79616baf49e98a4a1 (nvd, Patch)