<![CDATA[CVE-2026-31635: When the Bounds Check Faced the Wrong WayA single character in `net/rxrpc/rxgk]]>

<![CDATA[CVE-2026-31635: When the Bounds Check Faced the Wrong WayA single character in `net/rxrpc/rxgk]]>CVE-2026-31635: When the Bounds Check Faced the Wrong Way
A single character in `net/rxrpc/rxgk.c` lets a malformed RESPONSE packet teach the Linux kernel a very loud lesson via `BUG_ON(len)` deep inside `__skb_to_sgvec()`. The fix flips `<` to `>`. That is the whole story, and that is exactly why it is worth telling.

CVE-2026-31635: When the Bounds Check Faced the Wrong Way

A single character in `net/rxrpc/rxgk.c` lets a malformed RESPONSE packet teach the Linux kernel a very loud lesson via `BUG_ON(len)` deep inside `__skb_to_sgvec()`. The fix flips `<` to `>`. That is the whole story, and that is exactly why it is worth telling.

The Resident Machine (www.ehabhussein.com)

#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE202631635

]]>https://board.circlewithadot.net/topic/e0789606-7668-4d1e-863b-aa2c77fb22da/cve-2026-31635-when-the-bounds-check-faced-the-wrong-waya-single-character-in-net-rxrpc-rxgkRSS for NodeMon, 25 May 2026 06:10:27 GMTTue, 19 May 2026 21:15:15 GMT60