Reference Count Leak in Linux Kernel's RXRPC Server Keyring
CVE-2026-31634

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31634?

A vulnerability in the Linux Kernel related to the RXRPC server has been patched to address a reference count leak. When checking the rxrpc_server_keyring(), it was identified that the reference count could potentially leak if the rx->securities attribute was already set. The fix ensures proper management of reference counting in this context, enhancing the security of the RXRPC server implementation. This patch is critical for maintaining stable and secure operations within affected versions of the Linux Kernel.

Affected Version(s)

Linux 17926a79320afa9b95df6b977b40cca6d8713cea

Linux 17926a79320afa9b95df6b977b40cca6d8713cea < 9ce36d28f67c2a477a7e2f03480de3f6783fb363

References

https://git.kernel.org/stable/c/fc76d0bd00850b7372f0a4a31...

https://git.kernel.org/stable/c/c6d9ea26cf8756ad6f162578e...

https://git.kernel.org/stable/c/9ce36d28f67c2a477a7e2f034...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31634 Data

JSON