RDS Vulnerability in Linux Kernel Affects Multiple Implementations
CVE-2026-31425

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 13 April 2026

What is CVE-2026-31425?

The RDS (Reliable Datagram Sockets) protocol in the Linux kernel has a vulnerability that can lead to a system crash during memory registration. When a connection is freshly set up, certain checks fail before establishing the connection, allowing for dereferencing of a null pointer. Specifically, the checks for the connection identifier and its associated queue pair are insufficient, leading to potential kernel instability when sending messages. A fix has been proposed to ensure all identifiers are validated before proceeding with the memory registration process.

Affected Version(s)

Linux 1659185fb4d0025835eb2058a141f0746c5cab00 < 450ec93c0f172374acbf236f1f5f02d53650aa2d

Linux 1659185fb4d0025835eb2058a141f0746c5cab00 < 6b0a8de67ac0c74e1a7df92b73c862cb36780dfc

Linux 1659185fb4d0025835eb2058a141f0746c5cab00

References

https://git.kernel.org/stable/c/450ec93c0f172374acbf236f1...

https://git.kernel.org/stable/c/6b0a8de67ac0c74e1a7df92b7...

https://git.kernel.org/stable/c/a5bfd14c9a299e6db4add4440...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31425 Data

JSON