CVE-2026-31679 HIGH

CVE-2026-31679: openvswitch: validate MPLS set/set_masked payload length

Vendor Linux
Product Linux
Published April 25, 2026
Last update May 11, 2026

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/set_masked payload length validate_set() accepted OVS_KEY_ATTR_MPLS as variable-sized payload for SET/SET_MASKED actions. In action handling, OVS expects fixed-size MPLS key data (struct ovs_key_mpls). Use the already normalized key_len (masked case included) and reject non-matching MPLS action key sizes. Reject invalid MPLS action payload lengths early.

Key dates

02Disclosure timeline

April 25, 2026 CVE published
May 11, 2026 Record updated