{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31670", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.130Z", "datePublished": "2026-04-24T14:45:17.958Z", "dateUpdated": "2026-05-11T22:13:22.249Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:13:22.249Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: prevent unlimited numbers of rfkill events from being created\n\nUserspace can create an unlimited number of rfkill events if the system\nis so configured, while not consuming them from the rfkill file\ndescriptor, causing a potential out of memory situation. Prevent this\nfrom bounding the number of pending rfkill events at a \"large\" number\n(i.e. 1000) to prevent abuses like this."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/rfkill/core.c"], "versions": [{"version": "c64fb01627e24725d1f9d535e4426475a4415753", "lessThan": "4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4", "status": "affected", "versionType": "git"}, {"version": "c64fb01627e24725d1f9d535e4426475a4415753", "lessThan": "b1e0c8d3ab58a0161db487bf5fc47adfcaf5d5ca", "status": "affected", "versionType": "git"}, {"version": "c64fb01627e24725d1f9d535e4426475a4415753", "lessThan": "e3842779547c83150569071d9980517cc9029fc0", "status": "affected", "versionType": "git"}, {"version": "c64fb01627e24725d1f9d535e4426475a4415753", "lessThan": "673d2a3eef6e0ee9736501a150c9e4024a4e60a6", "status": "affected", "versionType": "git"}, {"version": "c64fb01627e24725d1f9d535e4426475a4415753", "lessThan": "82843afc19012a29ba863961ef494165aa1a88f4", "status": "affected", "versionType": "git"}, {"version": "c64fb01627e24725d1f9d535e4426475a4415753", "lessThan": "a8c26800e0220e1550af012f5a20e50f5c78864d", "status": "affected", "versionType": "git"}, {"version": "c64fb01627e24725d1f9d535e4426475a4415753", "lessThan": "80ce4cb026f0a4c4532b6cad827b44debda6256a", "status": "affected", "versionType": "git"}, {"version": "c64fb01627e24725d1f9d535e4426475a4415753", "lessThan": "ea245d78dec594372e27d8c79616baf49e98a4a1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/rfkill/core.c"], "versions": [{"version": "2.6.31", "status": "affected"}, {"version": "0", "lessThan": "2.6.31", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.169", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.135", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.82", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.23", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.13", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.1.169"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.6.135"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.12.82"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.18.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.19.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4"}, {"url": "https://git.kernel.org/stable/c/b1e0c8d3ab58a0161db487bf5fc47adfcaf5d5ca"}, {"url": "https://git.kernel.org/stable/c/e3842779547c83150569071d9980517cc9029fc0"}, {"url": "https://git.kernel.org/stable/c/673d2a3eef6e0ee9736501a150c9e4024a4e60a6"}, {"url": "https://git.kernel.org/stable/c/82843afc19012a29ba863961ef494165aa1a88f4"}, {"url": "https://git.kernel.org/stable/c/a8c26800e0220e1550af012f5a20e50f5c78864d"}, {"url": "https://git.kernel.org/stable/c/80ce4cb026f0a4c4532b6cad827b44debda6256a"}, {"url": "https://git.kernel.org/stable/c/ea245d78dec594372e27d8c79616baf49e98a4a1"}], "title": "net: rfkill: prevent unlimited numbers of rfkill events from being created", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "57E89197-6305-4D47-AE24-4D5D20CC8429", "versionEndExcluding": "5.10.253", "versionStartIncluding": "2.6.31.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBEC0E5D-641C-4E98-A6D9-5799B10CE451", "versionEndExcluding": "6.1.169", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15C1A1B2-14EE-494C-AF3E-D5A7BA640B39", "versionEndExcluding": "6.6.135", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "02904CAE-71D2-45B3-9EC3-F6A9D18B6307", "versionEndExcluding": "6.12.82", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9E09FDD-9EE3-4A56-92E2-2B30AFD0072F", "versionEndExcluding": "6.18.23", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1490EF9B-9080-481C-8D22-1306AAE664E4", "versionEndExcluding": "6.19.13", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*", "matchCriteriaId": "2887290A-1B43-4DB9-A9D0-B0B56CD78E48", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: prevent unlimited numbers of rfkill events from being created\n\nUserspace can create an unlimited number of rfkill events if the system\nis so configured, while not consuming them from the rfkill file\ndescriptor, causing a potential out of memory situation. Prevent this\nfrom bounding the number of pending rfkill events at a \"large\" number\n(i.e. 1000) to prevent abuses like this."}], "id": "CVE-2026-31670", "lastModified": "2026-04-27T20:10:26.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:46.790", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/673d2a3eef6e0ee9736501a150c9e4024a4e60a6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/80ce4cb026f0a4c4532b6cad827b44debda6256a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82843afc19012a29ba863961ef494165aa1a88f4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a8c26800e0220e1550af012f5a20e50f5c78864d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b1e0c8d3ab58a0161db487bf5fc47adfcaf5d5ca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e3842779547c83150569071d9980517cc9029fc0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea245d78dec594372e27d8c79616baf49e98a4a1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: rfkill: prevent unlimited numbers of rfkill events from being created", "id": "2461568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461568"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in the Linux kernel's rfkill component. A local user can exploit this by creating an excessive number of rfkill events without properly consuming them. This can lead to a denial of service (DoS) due to an out-of-memory condition, impacting system stability and availability."], "name": "CVE-2026-31670", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31670\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31670\nhttps://lore.kernel.org/linux-cve-announce/2026042407-CVE-2026-31670-d54c@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c64fb01627e24725d1f9d535e4426475a4415753,4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c64fb01627e24725d1f9d535e4426475a4415753,b1e0c8d3ab58a0161db487bf5fc47adfcaf5d5ca)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c64fb01627e24725d1f9d535e4426475a4415753,e3842779547c83150569071d9980517cc9029fc0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c64fb01627e24725d1f9d535e4426475a4415753,673d2a3eef6e0ee9736501a150c9e4024a4e60a6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c64fb01627e24725d1f9d535e4426475a4415753,82843afc19012a29ba863961ef494165aa1a88f4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c64fb01627e24725d1f9d535e4426475a4415753,a8c26800e0220e1550af012f5a20e50f5c78864d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c64fb01627e24725d1f9d535e4426475a4415753,80ce4cb026f0a4c4532b6cad827b44debda6256a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c64fb01627e24725d1f9d535e4426475a4415753,ea245d78dec594372e27d8c79616baf49e98a4a1)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.6.31"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,2.6.31)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T13:41:57.355983+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that contains the rfkill event\u2011bounding patch.", "Reboot the system or reload the kernel module so that the updated code is active.", "If a kernel update is not immediately feasible, restrict rfkill write permissions or disable rfkill functionality on the host to prevent creation of excessive events.", "Monitor kernel memory usage for abnormal spikes that could indicate a related resource exhaustion attempt."], "summary": {"action": "Apply Patch", "impact": "Potential out-of-memory condition due to unlimited rfkill events"}, "threat_synthesis": {"affected_systems": "All Linux kernel implementations are affected because the bug exists before the patch. The Common Platform Enumeration strings cover kernels from 2.6.31 through multiple 7.0 release candidates, indicating a broad impact across legacy and current kernel versions.", "description_and_impact": "The vulnerability allows a userspace application to create an unlimited number of rfkill events in the Linux kernel, which can exhaust kernel memory and trigger an out\u2011of\u2011memory situation. This uncontrolled resource consumption corresponds to CWE\u2011770 and can degrade system stability by consuming critical kernel memory.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local: a process with write access to the rfkill interface can repeatedly issue event creation commands, and the kernel previously accepted an unlimited number. After the patch, the index of pending events is bounded at a large number (1000) to prevent abuse. Because the bug requires interaction with the rfkill subsystem, users with sufficient permissions or access to the userspace rfkill utilities can trigger the issue prior to patching."}}}}, "created": "2026-04-27T18:45:11.312545+00:00", "updated": "2026-04-28T13:45:06.143814+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}