IM
IronMonkey Threat Research

CVE-2026-31670 MEDIUM

Published: 2026-04-24 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causing a potential out of memory situation. Prevent this from bounding the number of pending rfkill events at a "large" number (i.e. 1000) to prevent abuses like this.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702b40329e00> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd604dc0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bde4f13c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd152d40> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf6680> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf4600> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd6077c0> Operating System
linux linux_kernel 2.6.31 <built-in method update of dict object at 0x702b4032aec0> Operating System
linux linux_kernel 7.0 <built-in method update of dict object at 0x702bdd605240> Operating System
linux linux_kernel 7.0 <built-in method update of dict object at 0x702bcbbf4280> Operating System
linux linux_kernel 7.0 <built-in method update of dict object at 0x702b40329980> Operating System
linux linux_kernel 7.0 <built-in method update of dict object at 0x702b4032a9c0> Operating System
linux linux_kernel 7.0 <built-in method update of dict object at 0x702bdd151ac0> Operating System
linux linux_kernel 7.0 <built-in method update of dict object at 0x702b4032b980> Operating System
linux linux_kernel 7.0 <built-in method update of dict object at 0x702bdd6072c0> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

References

Notification
Message here