CVE-2026-31632 - Vulnerability Details

- rxrpc: Fix leak of rxgk context in rxgk_verify_response()

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix leak of rxgk context in rxgk_verify_response()

Fix rxgk_verify_response() to clean up the rxgk context it creates.

Published: 2026-04-24

Score: 7.0 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a`	affected	< 4b5e8365515f4409de7d3b92a439154ee4f90f6d
`9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a`	affected	< 1bd3d01378c1f9ecd313d394b51c808c1f418615
`9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a`	affected	< 7e1876caa8363056f58a21d3b31b82c2daf7e608

Linux

affected

Version	Status	Constraints
`6.16`	affected	—
`0`	unaffected	< 6.16
`6.18.23`	unaffected	≤ 6.18.*
`6.19.13`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1bd3d01378c1f9ecd313d394b51c808c1f418615
https://git.kernel.org/stable/c/4b5e8365515f4409de7d3b92a439154ee4f90f6d
https://git.kernel.org/stable/c/7e1876caa8363056f58a21d3b31b82c2daf7e608
https://lore.kernel.org/linux-cve-announce/2026042454-CVE-2026-31632-4da1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31632
https://www.cve.org/CVERecord?id=CVE-2026-31632

History

Sat, 25 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026042454-CVE-2026-31632-4da1@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31632 https://www.cve.org/CVERecord?id=CVE-2026-31632
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Fri, 24 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix leak of rxgk context in rxgk_verify_response() Fix rxgk_verify_response() to clean up the rxgk context it creates.
Title		rxrpc: Fix leak of rxgk context in rxgk_verify_response()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1bd3d01378c1f9ecd313d394b51c808c1f418615 https://git.kernel.org/stable/c/4b5e8365515f4409de7d3b92a439154ee4f90f6d https://git.kernel.org/stable/c/7e1876caa8363056f58a21d3b31b82c2daf7e608

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-24T14:44:47.969Z

Updated: 2026-04-24T14:44:47.969Z

Reserved: 2026-03-09T15:48:24.125Z

Link: CVE-2026-31632

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-24T15:16:42.517

Modified: 2026-04-24T17:51:40.810

Link: CVE-2026-31632

Redhat

Severity : Moderate

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31632 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-772

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object