Home/CVE/In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header fo
CVE

CVE-2026-31685

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header fo

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets eui64_mt6() derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects an invalid MAC header when par-fragoff != 0. For packets with par-fragoff == 0, eui64_mt6() can still reach eth_hdr(skb) even when the MAC header is not valid.

Fix this by removing the par-fragoff != 0 condition so that packets with an invalid MAC header are rejected before accessing eth_hdr(skb).

CRITICAL · CVSS 9.4 EPSS 0.00076
Schedule remediation
  • CVSS base score ≥ 7.0
Sigma rules0 YARA rules0

Affected Products & Versions

5
linux kernel>= 2.6.12.1 and < 6.6.136
linux kernel>= 6.7 and < 6.12.83
linux kernel>= 6.13 and < 6.18.24
linux kernel>= 6.19 and < 6.19.14
linux kernelall versions

Scoring & Timeline

9.4
CRITICAL · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
View on NVD
Attack Vector
Network Adjacent Local Physical
Attack Complexity
Low High
Privileges Required
None Low High
User Interaction
None Required
Scope
Unchanged Changed
Confidentiality
None Low High
Integrity
None Low High
Availability
None Low High
Published to NVD25 Apr 2026 · 09:16 AM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Vendor Advisories

5
rhsaRHSA-2026:21557Moderate
rhsaRHSA-2026:21556Moderate
rhsaRHSA-2026:21745Moderate
rhsaRHSA-2026:21706Moderate
msrcCVE-2026-31685
🔗

References & Sources

5
Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.
https://git.kernel.org/stable/c/288138418bef956f8b295751a4536c60f0e89f4aPatch
https://git.kernel.org/stable/c/309ae3e9a51a69699ca94eac5fac5688fa562d55Patch
https://git.kernel.org/stable/c/807d6ee15804df6f01a35c910f09612e858739a6Patch
https://git.kernel.org/stable/c/9eda5478746ef7dc0e4e537b5a5e4b0ca1027091Patch
https://git.kernel.org/stable/c/fdce0b3590f724540795b874b4c8850c90e6b0a8Patch
Intelligence Graph · click any node to traverse
CVETechnique ActorTool Family
drag to reposition · click any node to traverse · button top-right enlarges
External lookups - second-class, for what we don’t hold ourselves
NVDCVE.orgCISAVulnersExploit-DBGitHub PoCVulnCheck KEVGreyNoise
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin