{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-25T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: openvswitch: validate MPLS set/set_masked payload length",
    "id" : "2461762",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461762"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-1284",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nopenvswitch: validate MPLS set/set_masked payload length\nvalidate_set() accepted OVS_KEY_ATTR_MPLS as variable-sized payload for\nSET/SET_MASKED actions. In action handling, OVS expects fixed-size\nMPLS key data (struct ovs_key_mpls).\nUse the already normalized key_len (masked case included) and reject\nnon-matching MPLS action key sizes.\nReject invalid MPLS action payload lengths early.", "A flaw was found in the Linux kernel's openvswitch component. This vulnerability arises from improper validation of Multiprotocol Label Switching (MPLS) payload lengths during SET/SET_MASKED actions. An attacker could potentially exploit this by providing malformed MPLS key data, leading to unexpected behavior or a denial of service (DoS) condition within the kernel." ],
  "statement" : "OVS MPLS set/masked actions now validate payload lengths before memcpy, closing OOB setup paths. Red Hat advises OVS dataplane deployments to patch promptly.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31679\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31679\nhttps://lore.kernel.org/linux-cve-announce/2026042544-CVE-2026-31679-7f32@gregkh/T" ],
  "name" : "CVE-2026-31679",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the openvswitch module from being loaded. See https://access.redhat.com/solutions/41278 for instructions.",
    "lang" : "en:us"
  },
  "csaw" : false
}