Resource Management Flaw in Linux Kernel Affects Network Communication
CVE-2026-31640

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 24 April 2026

What is CVE-2026-31640?

A vulnerability in the Linux kernel affects response handling in the RxRPC protocol. The flaw is an incorrect comparison of the challenge serial number in the rxrpc_post_response() function: instead of using the cached response's challenge serial, the code uses the data from the newer packet, so the comparison is consistently false. This defect hinders proper decision making and may also allow attackers to exploit the response handling mechanism. The remediation switches the comparison back to the older packet and ensures that unused packets are properly managed.
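The comparison error described above, as a simplified user-space model added here for illustration; it is not the kernel source or the upstream patch. The structures and function names are hypothetical, and the model assumes that a new response replaces the cached one only when its challenge serial is later.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins; not the kernel's structures. */
struct response {
    uint32_t challenge_serial;   /* serial of the challenge this answers */
};

struct conn {
    struct response *cached;     /* response currently held for sending */
};

/* Wraparound-safe "a is later than b" for 32-bit serial numbers. */
static bool serial_after(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) > 0;
}

/* Flawed shape: the "old" side of the comparison is read from the new
 * packet, so a value is compared with itself and the test never passes.
 * Returns the packet left unused, which the caller must release. */
struct response *post_response_flawed(struct conn *c, struct response *new_resp)
{
    struct response *old = c->cached;
    if (old) {
        struct response *cmp = new_resp;             /* wrong packet */
        if (!serial_after(new_resp->challenge_serial, cmp->challenge_serial))
            return new_resp;                         /* always taken */
    }
    c->cached = new_resp;
    return old;
}

/* Corrected shape: compare against the cached packet's challenge serial. */
struct response *post_response_fixed(struct conn *c, struct response *new_resp)
{
    struct response *old = c->cached;
    if (old && !serial_after(new_resp->challenge_serial, old->challenge_serial))
        return new_resp;                             /* stale: keep cached */
    c->cached = new_resp;
    return old;                                      /* NULL if none cached */
}
```

Both functions hand back whichever packet ends up unused so the caller can release it, which models the "unused packets are properly managed" part of the remediation.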

Affected Version(s)

Linux 5800b1cf3fd8ccab752a101865be1e76dac33142 < 9132b1a7bf83b4a8042fffbc99d075b727a16742

Linux 5800b1cf3fd8ccab752a101865be1e76dac33142 < 20386e7f8d97475b8d815873e246423317ec4260

Linux 5800b1cf3fd8ccab752a101865be1e76dac33142

Timeline

  • Vulnerability published

  • Vulnerability Reserved
