What is CVE-2026-31670?

A medium-severity vulnerability in the Linux kernel allows userspace to generate unlimited rfkill events, potentially leading to out of memory issues. Immediate patching is recommended to mitigate this risk.

What is the severity of CVE-2026-31670?

CVE-2026-31670 has a severity rating of MEDIUM with a CVSS base score of 5.5.

CVE-2026-31670 | Medium Vulnerability in Linux Kernel

In the Linux kernel, a medium-severity vulnerability has been identified. This vulnerability allows userspace to create an unlimited number of rfkill events if the system is configured accordingly. Since these events are not consumed from the rfkill file descriptor, it can lead to a potential out of memory situation. The issue has been resolved by implementing a limit on the number of pending rfkill events, capping it at a large number (i.e., 1000) to prevent abuse and ensure system stability.

The CVSS score for this vulnerability is 5.5, indicating a medium severity level. The attack vector is local, and the attack complexity is low, meaning that minimal skill is required for an attacker to exploit this vulnerability. The potential impact on availability is high, as it can lead to system crashes or unresponsiveness.

Organizations should prioritize patching this vulnerability immediately to mitigate any risks associated with system instability and potential denial of service. As of now, there are no known exploits in the wild, but the nature of the vulnerability makes it critical for defenders to act swiftly.

The vulnerability was published on April 24, 2026, and has undergone analysis to ensure that appropriate measures have been implemented in the latest kernel versions.

Vulnerability Details

This vulnerability allows userspace to create an unlimited number of rfkill events, potentially leading to an out of memory situation.

Severity: Medium

CVSS Score: 5.5

Affected Product: Linux Kernel

Published Date: April 24, 2026

Technical Analysis

The root cause of this vulnerability is the lack of limits on rfkill event creation in userspace. This flaw allows attackers to generate an excessive number of events, leading to resource exhaustion.

The attack vector is local, which means the attacker must have access to the system. The complexity of the attack is low, as it requires minimal technical expertise. No user interaction is needed to exploit this vulnerability.

The impacts on confidentiality and integrity are none, but the availability impact is high, as it can prevent the system from functioning correctly.

Risk & Impact Analysis

Risk to organizations includes potential system crashes and denial of service due to excessive resource consumption. The vulnerability affects systems running vulnerable versions of the Linux kernel, making it critical for organizations to assess their exposure.

The blast radius is significant, as many systems utilize the Linux kernel. Organizations should prioritize addressing this vulnerability based on its medium CVSS score and the potential for exploitation, even in the absence of known active exploits.

Given the CVSS score of 5.5, organizations should address this vulnerability in their priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

This vulnerability affects all versions of the Linux kernel from 2.6.31.1 up to versions prior to 5.10.253, as well as several other version ranges including 5.11 to 5.15.203 and 5.16 to 6.1.169.

Mitigation & Remediation

Organizations should apply the latest patches provided by the Linux kernel maintainers to remediate this vulnerability. If the patch is unavailable, consider implementing configuration hardening to limit the number of rfkill events that can be created.

For further guidance on security practices, organizations can refer to resources such as penetration testing services.

Detection Guidance

Monitor logs for unusual patterns of rfkill event generation which may indicate exploitation attempts. Behavioral anomalies in system performance may also serve as indicators of this vulnerability being exploited.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2026-31670 reflects a continuing trend of vulnerabilities associated with resource exhaustion in kernel systems. Security teams should remain vigilant regarding such vulnerabilities and develop strategies to prevent potential exploitation.

For additional insights on vulnerability management, organizations can explore our guide on vulnerability management programs. Understanding the patterns of vulnerabilities can help organizations adopt a proactive approach.

Additionally, staying informed on best practices for penetration testing can further enhance an organization’s security posture.

Lastly, organizations should consider the implications of this vulnerability for their overall security strategy, ensuring that they are prepared for similar vulnerabilities in the future.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-31670: Medium Vulnerability in Linux Kernel