CVE-2026-31640

Source
https://cve.org/CVERecord?id=CVE-2026-31640
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31640.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31640
Downstream
Published
2026-04-24T14:44:54.024Z
Modified
2026-07-08T07:01:43.211570398Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial
Details

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial

In rxrpcpostresponse(), the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but looks at the newer packet private data instead, rendering the comparison always false.

Fix this by switching to look at the older packet.

Fix further[1] to substitute the new packet in place of the old one if newer and also to release whichever we don't use.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31640.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5800b1cf3fd8ccab752a101865be1e76dac33142
Fixed
9132b1a7bf83b4a8042fffbc99d075b727a16742
Fixed
20386e7f8d97475b8d815873e246423317ec4260
Fixed
b33f5741bb187db8ff32e8f5b96def77cc94dfca

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31640.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.18.23
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31640.json"