{"id":"CVE-2026-31752","summary":"bridge: br_nd_send: validate ND option lengths","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: br_nd_send: validate ND option lengths\n\nbr_nd_send() walks ND options according to option-provided lengths.\nA malformed option can make the parser advance beyond the computed\noption span or use a too-short source LLADDR option payload.\n\nValidate option lengths against the remaining NS option area before\nadvancing, and only read source LLADDR when the option is large enough\nfor an Ethernet address.","modified":"2026-06-18T03:55:04.542163258Z","published":"2026-05-01T14:14:44.298Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31752.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/259466f76f5a2148aff11134e68f4b4c6d52725b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/82a42eceec7c6bdb0e0da94c0542a173b7ea57f2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/837392a38445729c22e03d3abcf33f07763efd85"},{"type":"WEB","url":"https://git.kernel.org/stable/c/850837965af15707fd3142c1cf3c5bfaf022299b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c49b9256bbacb6a135654aebd12e4c0e87166b7c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e0bfd6d4dc77ab345b6c65eef0cfe9b2f69085aa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e71303a9190496136e240c4f2872b7b0b16027a7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ee02d8991fd7bd86ed6ebd0deb4aab53feb0e43a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31752.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31752"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ed842faeb2bd49256f00485402f3113205f91d30"},{"fixed":"82a42eceec7c6bdb0e0da94c0542a173b7ea57f2"},{"fixed":"259466f76f5a2148aff11134e68f4b4c6d52725b"},{"fixed":"ee02d8991fd7bd86ed6ebd0deb4aab53feb0e43a"},{"fixed":"e0bfd6d4dc77ab345b6c65eef0cfe9b2f69085aa"},{"fixed":"c49b9256bbacb6a135654aebd12e4c0e87166b7c"},{"fixed":"837392a38445729c22e03d3abcf33f07763efd85"},{"fixed":"e71303a9190496136e240c4f2872b7b0b16027a7"},{"fixed":"850837965af15707fd3142c1cf3c5bfaf022299b"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31752.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"5.10.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.134"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.81"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.22"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.12"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31752.json"}}],"schema_version":"1.7.5"}