CVE-2026-31640

Summary

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial

In rxrpc_post_response(), the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but looks at the newer packet private data instead, rendering the comparison always false.

Fix this by switching to look at the older packet.

Fix further[1] to substitute the new packet in place of the old one if newer and also to release whichever we don't use.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5800b1cf3fd8ccab752a101865be1e76dac33142 < 9132b1a7bf83b4a8042fffbc99d075b727a16742affected
LinuxLinux5800b1cf3fd8ccab752a101865be1e76dac33142 < 20386e7f8d97475b8d815873e246423317ec4260affected
LinuxLinux5800b1cf3fd8ccab752a101865be1e76dac33142 < b33f5741bb187db8ff32e8f5b96def77cc94dfcaaffected
LinuxLinux6.16affected
LinuxLinux0 < 6.16unaffected
LinuxLinux6.18.23 <= 6.18.*unaffected
LinuxLinux6.19.13 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References