CVE-2026-31662

Source
https://cve.org/CVERecord?id=CVE-2026-31662
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31662.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31662
Downstream
Related
Published
2026-04-24T14:45:12.593Z
Modified
2026-07-09T18:30:29.229802313Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix bcackers underflow on duplicate GRPACK_MSG

The GRPACKMSG handler in tipcgroupprotorcv() currently decrements bcackers on every inbound group ACK, even when the same member has already acknowledged the current broadcast round.

Because bcackers is a u16, a duplicate ACK received after the last legitimate ACK wraps the counter to 65535. Once wrapped, tipcgroupbccong() keeps reporting congestion and later group broadcasts on the affected socket stay blocked until the group is recreated.

Fix this by ignoring duplicate or stale ACKs before touching bcacked or bcackers. This makes repeated GRPACKMSG handling idempotent and prevents the underflow path.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31662.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2f487712b89376fce267223bbb0db93d393d4b09
Fixed
a7db57ccca21f5801609065473c89a38229ecb92
Fixed
36ec4fdd6250dcd5e73eb09ea92ed92e9cc28412
Fixed
575faea557f1a184a5f09661bd47ebd3ef3769f8
Fixed
3bcf7aca63f0bcd679ae28e9b99823c608e59ce3
Fixed
a2ea1ef0167d7a84730638d05c20ccdc421b14b6
Fixed
1b6f13f626665cac67ba5a012765427680518711
Fixed
e0bb732eaf77f9ac2f2638bdac9e39b81e0a9682
Fixed
48a5fe38772b6f039522469ee6131a67838221a8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31662.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.169
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.135
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.82
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.23
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31662.json"