CVE Catalog

CVE-2026-31670

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability in the Linux kernel's rfkill mechanism allows userspace to create an unlimited number of rfkill events without consuming them from the file descriptor, potentially leading to an out-of-memory condition.

Risk Assessment

A local attacker could cause a denial of service (DoS) by overwhelming the system with excessive rfkill events, potentially leading to system hang or crash.

Recommendation

Immediately update the Linux kernel to a version that includes the fix limiting pending rfkill events to 1000.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causing a potential out of memory situation. Prevent this from bounding the number of pending rfkill events at a "large" number (i.e. 1000) to prevent abuses like this.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS