Linux Kernel Vulnerability in RXRPC Call Management
CVE-2026-31642

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31642?

A vulnerability in the Linux kernel's RXRPC call management system allows for improper handling of call removals from the rxnet->calls list. The issue arose from using list_del_init() instead of list_del_rcu(), which could lead to reading /proc/net/rxrpc/calls getting stuck in an infinite loop. The resolution involves ensuring that deleted entries are handled more efficiently, making it challenging to detect prior deletions. The fix enhances throughput and stability by limiting the number of calls displayed when unexpected entries remain on the list.

Affected Version(s)

Linux 2baec2c3f854d1f79c7bb28386484e144e864a14 < 93fc15be44a35b8e3c58d0238ac0d9b7c53465ff

Linux 2baec2c3f854d1f79c7bb28386484e144e864a14

Linux 2baec2c3f854d1f79c7bb28386484e144e864a14 < 3be718f659683ad89fad6f1eb66bee99727cae64

References

https://git.kernel.org/stable/c/93fc15be44a35b8e3c58d0238...

https://git.kernel.org/stable/c/c63abf25203b50243fe228090...

https://git.kernel.org/stable/c/3be718f659683ad89fad6f1eb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31642 Data

JSON