7.5
CVE-2026-31640
- EPSS 0.43%
- Veröffentlicht 24.04.2026 14:44:54
- Zuletzt bearbeitet 27.04.2026 20:20:22
- CVE-Watchlists
- Unerledigt
rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpc_post_response(), the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but looks at the newer packet private data instead, rendering the comparison always false. Fix this by switching to look at the older packet. Fix further[1] to substitute the new packet in place of the old one if newer and also to release whichever we don't use.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.16.1 < 6.18.23
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.13
Linux ≫ Linux Kernel Version6.16 Update-
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
Linux ≫ Linux Kernel Version7.0 Updaterc4
Linux ≫ Linux Kernel Version7.0 Updaterc5
Linux ≫ Linux Kernel Version7.0 Updaterc6
Linux ≫ Linux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.339 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/9132b1a7bf83b4a8042fffbc99d075b727a16742
https://git.kernel.org/stable/c/20386e7f8d97475b8d815873e246423317ec4260
https://git.kernel.org/stable/c/b33f5741bb187db8ff32e8f5b96def77cc94dfca