VYPR
Critical severity9.4NVD Advisory· Published Apr 25, 2026· Updated Jun 1, 2026

CVE-2026-31685

CVE-2026-31685

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_eui64: reject invalid MAC header for all packets

eui64_mt6() derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address.

The existing guard only rejects an invalid MAC header when par->fragoff != 0. For packets with par->fragoff == 0, eui64_mt6() can still reach eth_hdr(skb) even when the MAC header is not valid.

Fix this by removing the par->fragoff != 0 condition so that packets with an invalid MAC header are rejected before accessing eth_hdr(skb).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

102

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.