Improper Validation of Specified Type of Input in perf | CVE-2026-31685

Threat Intelligence

0.07% (21^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL10-PERF-16312435
published28 Apr 2026
disclosed25 Apr 2026

Report a new vulnerability Found a mistake?

Introduced: 25 Apr 2026

CVE-2026-31685 (opens in a new tab) CWE-1287 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream perf package and not the perf package as distributed by RHEL.

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_eui64: reject invalid MAC header for all packets

eui64_mt6() derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address.

The existing guard only rejects an invalid MAC header when par->fragoff != 0. For packets with par->fragoff == 0, eui64_mt6() can still reach eth_hdr(skb) even when the MAC header is not valid.

Fix this by removing the par->fragoff != 0 condition so that packets with an invalid MAC header are rejected before accessing eth_hdr(skb).

Improper Validation of Specified Type of Input The advisory has been revoked - it doesn't affect any version of package perf (opens in a new tab)

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 25 Apr 2026

Amendment

NVD Description

References