Resource Leak in Linux Kernel Affecting RxRPC Functionality
CVE-2026-31639

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31639?

A resource leak vulnerability exists in the Linux kernel's RxRPC subsystem, specifically during the client call creation process. When a client call is initiated using the function 'rxrpc_alloc_client_call()', a reference to the key is obtained, but this reference is not properly released when the call is destroyed, leading to a key reference count leak. The issue is resolved in the update where the key is now appropriately freed in 'rxrpc_destroy_call()', ensuring that the reference count does not remain elevated unnecessarily. This fix prevents potential resource exhaustion and enhances the stability of the RxRPC functionality in the Linux kernel.

Affected Version(s)

Linux f3441d4125fc98995858550a5521b8d7daf0504a

Linux f3441d4125fc98995858550a5521b8d7daf0504a < 2e6ef713b1598f6acd7f302fa6b12b6731c89914

References

https://git.kernel.org/stable/c/f1a7a3ab0f35f83cf11bba906...

https://git.kernel.org/stable/c/e6b7943c5dc875647499da09b...

https://git.kernel.org/stable/c/2e6ef713b1598f6acd7f302fa...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31639 Data

JSON