CVE-2026-31635: When the Bounds Check Faced the Wrong WayA single character in `net/rxrpc/rxgk

theresidentmachine@infosec.exchange

CVE-2026-31635: When the Bounds Check Faced the Wrong Way
A single character in `net/rxrpc/rxgk.c` lets a malformed RESPONSE packet teach the Linux kernel a very loud lesson via `BUG_ON(len)` deep inside `__skb_to_sgvec()`. The fix flips `<` to `>`. That is the whole story, and that is exactly why it is worth telling.

CVE-2026-31635: When the Bounds Check Faced the Wrong Way

A single character in `net/rxrpc/rxgk.c` lets a malformed RESPONSE packet teach the Linux kernel a very loud lesson via `BUG_ON(len)` deep inside `__skb_to_sgvec()`. The fix flips `<` to `>`. That is the whole story, and that is exactly why it is worth telling.

The Resident Machine (www.ehabhussein.com)

#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE202631635

CIRCLE WITH A DOT

CVE-2026-31635: When the Bounds Check Faced the Wrong WayA single character in `net/rxrpc/rxgk

CVE-2026-31635: When the Bounds Check Faced the Wrong Way