Memory Leak in Linux Kernel's rxrpc: Vulnerability in Key Parsing
CVE-2026-31643

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31643?

A memory leak vulnerability has been identified in the Linux kernel's rxrpc module. Specifically, in the function rxrpc_preparse_xdr_yfs_rxgk(), memory allocated for the token's rxgk could be improperly freed due to certain error paths during execution. This oversight can lead to increased memory consumption, potentially affecting system performance and stability. The vulnerability has been addressed by ensuring that the memory is correctly released in the 'reject_token' scenario, thereby improving the overall reliability of the kernel.

Affected Version(s)

Linux 0ca100ff4df64f5d0f6c1dd5080c3e096786bea6

Linux 0ca100ff4df64f5d0f6c1dd5080c3e096786bea6 < 01f51318feb626deee1d0c8a190198cd7857d599

Linux 0ca100ff4df64f5d0f6c1dd5080c3e096786bea6

References

https://git.kernel.org/stable/c/d5f76f812d2c0ea6dd651b058...

https://git.kernel.org/stable/c/01f51318feb626deee1d0c8a1...

https://git.kernel.org/stable/c/b555912b9b21075e8298015f8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31643 Data

JSON