5.5

CVE-2026-31642

rxrpc: Fix call removal to use RCU safe deletion

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix call removal to use RCU safe deletion

Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu()
rather than list_del_init() to prevent stuffing up reading
/proc/net/rxrpc/calls from potentially getting into an infinite loop.

This, however, means that list_empty() no longer works on an entry that's
been deleted from the list, making it harder to detect prior deletion.  Fix
this by:

Firstly, make rxrpc_destroy_all_calls() only dump the first ten calls that
are unexpectedly still on the list.  Limiting the number of steps means
there's no need to call cond_resched() or to remove calls from the list
here, thereby eliminating the need for rxrpc_put_call() to check for that.

rxrpc_put_call() can then be fixed to unconditionally delete the call from
the list as it is the only place that the deletion occurs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.13.1 < 6.6.135
LinuxLinux Kernel Version >= 6.7 < 6.12.82
LinuxLinux Kernel Version >= 6.13 < 6.18.23
LinuxLinux Kernel Version >= 6.19 < 6.19.13
LinuxLinux Kernel Version4.13 Update-
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://git.kernel.org/stable/c/93fc15be44a35b8e3c58d0238ac0d9b7c53465ff
Patch
https://git.kernel.org/stable/c/c63abf25203b50243fe228090526f9dbf37727bd
Patch
https://git.kernel.org/stable/c/3be718f659683ad89fad6f1eb66bee99727cae64
Patch
https://git.kernel.org/stable/c/ac5f54691be06a32246179d41be2d73598036deb
Patch
https://git.kernel.org/stable/c/146d4ab94cf129ee06cd467cb5c71368a6b5bad6
Patch
https://git.kernel.org/stable/c/280efb85e9759881a9d31d0874baa04583cb6c09
https://git.kernel.org/stable/c/3e47a38e584b905359fe0ce5be5165d1e8592a90
https://git.kernel.org/stable/c/b15b1ce96777b88989a6a4de8d01efbcd81ad2d7