CVE-2026-31752
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability was found in the Linux kernel's bridge br_nd_send() function, which processes Neighbor Discovery (ND) options. Lack of option length validation may allow out-of-bounds read or use of a too-short source LLADDR option.
Risk Assessment
An attacker on the local network can send a crafted ND packet, causing a system panic or potential kernel memory leak.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit with ND option length validation).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: validate ND option lengths br_nd_send() walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR option payload. Validate option lengths against the remaining NS option area before advancing, and only read source LLADDR when the option is large enough for an Ethernet address.

