CVE-2026-31411Untrusted Pointer Dereference in Linux

CWE-822Untrusted Pointer Dereference8 documents8 sources
Severity
7.0HIGH
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 8
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the vcc pointer from msg->vcc and uses it directly without any validation. This pointer comes from userspace via sendmsg() and can be arbitrarily forged: int fd = socket(AF_ATMSVC, SOCK_DGRAM, 0); ioctl(fd, ATMSIGD_CTRL); // become ATM signaling daemon struct msghdr msg

Affected Packages3 packages

Debianlinux/linux_kernel< 6.18.14-1
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2c96549d07dfdd51aadf0722cfb40711574424840+8
debiandebian/linux< linux 6.18.14-1 (forky)

🔴Vulnerability Details

3
VulDB
Linux Kernel up to 6.19.3 atm sigd_send null pointer dereference (Nessus ID 305621 / WID-SEC-2026-1037)2026-04-13
GHSA
GHSA-9q92-j4jr-j3jp: In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer ava2026-04-08
OSV
CVE-2026-31411: In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer avail2026-04-08

📋Vendor Advisories

2
Red Hat
kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send()2026-04-08
Debian
CVE-2026-31411: linux - In the Linux kernel, the following vulnerability has been resolved: net: atm: f...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-31411 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-31411 kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send()2026-04-08