CVE-2026-31676
- Source
- https://cve.org/CVERecord?id=CVE-2026-31676
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31676.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31676
- Downstream
- Published
- 2026-04-25T08:46:52.285Z
- Modified
- 2026-04-26T04:22:21.023309Z
- Summary
- rxrpc: only handle RESPONSE during service challenge
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: only handle RESPONSE during service challenge
Only process RESPONSE packets while the service connection is still in RXRPCCONNSERVICECHALLENGING. Check that state under statelock before running response verification and security initialization, then use a local secured flag to decide whether to queue the secured-connection work after the state transition. This keeps duplicate or late RESPONSE packets from re-running the setup path and removes the unlocked post-transition state test.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31676.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/03fd2ef73cb4ffd0af100a95b634af54f474414e
- https://git.kernel.org/stable/c/c43ffdcfdbb5567b1f143556df8a04b4eeea041c
- https://git.kernel.org/stable/c/d0035e634dae83237ab7f5681eb52b2f65d0ceb8
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31676.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31676