{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31640", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.125Z", "datePublished": "2026-04-24T14:44:54.024Z", "dateUpdated": "2026-04-24T14:44:54.024Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-24T14:44:54.024Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix use of wrong skb when comparing queued RESP challenge serial\n\nIn rxrpc_post_response(), the code should be comparing the challenge serial\nnumber from the cached response before deciding to switch to a newer\nresponse, but looks at the newer packet private data instead, rendering the\ncomparison always false.\n\nFix this by switching to look at the older packet.\n\nFix further[1] to substitute the new packet in place of the old one if\nnewer and also to release whichever we don't use."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/trace/events/rxrpc.h", "net/rxrpc/conn_event.c"], "versions": [{"version": "5800b1cf3fd8ccab752a101865be1e76dac33142", "lessThan": "9132b1a7bf83b4a8042fffbc99d075b727a16742", "status": "affected", "versionType": "git"}, {"version": "5800b1cf3fd8ccab752a101865be1e76dac33142", "lessThan": "20386e7f8d97475b8d815873e246423317ec4260", "status": "affected", "versionType": "git"}, {"version": "5800b1cf3fd8ccab752a101865be1e76dac33142", "lessThan": "b33f5741bb187db8ff32e8f5b96def77cc94dfca", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/trace/events/rxrpc.h", "net/rxrpc/conn_event.c"], "versions": [{"version": "6.16", "status": "affected"}, {"version": "0", "lessThan": "6.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.23", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.13", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.18.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.19.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9132b1a7bf83b4a8042fffbc99d075b727a16742"}, {"url": "https://git.kernel.org/stable/c/20386e7f8d97475b8d815873e246423317ec4260"}, {"url": "https://git.kernel.org/stable/c/b33f5741bb187db8ff32e8f5b96def77cc94dfca"}], "title": "rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix use of wrong skb when comparing queued RESP challenge serial\n\nIn rxrpc_post_response(), the code should be comparing the challenge serial\nnumber from the cached response before deciding to switch to a newer\nresponse, but looks at the newer packet private data instead, rendering the\ncomparison always false.\n\nFix this by switching to look at the older packet.\n\nFix further[1] to substitute the new packet in place of the old one if\nnewer and also to release whichever we don't use."}], "id": "CVE-2026-31640", "lastModified": "2026-04-24T17:51:40.810", "metrics": {}, "published": "2026-04-24T15:16:43.357", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/20386e7f8d97475b8d815873e246423317ec4260"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9132b1a7bf83b4a8042fffbc99d075b727a16742"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b33f5741bb187db8ff32e8f5b96def77cc94dfca"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial", "id": "2461555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461555"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1025", "details": ["A flaw was found in the Linux kernel's rxrpc component. This vulnerability occurs in the `rxrpc_post_response()` function, where the system incorrectly compares a newer network packet's data instead of the expected cached response. This error causes the challenge serial number comparison to always be false, preventing the system from correctly evaluating and potentially switching to newer network responses. This could lead to the system operating with outdated information or processing network communications incorrectly, potentially impacting the reliability of network services."], "name": "CVE-2026-31640", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31640\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31640\nhttps://lore.kernel.org/linux-cve-announce/2026042456-CVE-2026-31640-3477@gregkh/T"], "threat_severity": "Moderate"}

{}