CVE-2026-31643
- EPSS 0.12%
- Veröffentlicht 24.04.2026 14:44:57
- Zuletzt bearbeitet 27.04.2026 20:19:26
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it...
CVE-2026-31641
- EPSS 0.14%
- Veröffentlicht 24.04.2026 14:44:56
- Zuletzt bearbeitet 30.06.2026 03:18:26
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the XDR token as u32 values and passes each through roun...
CVE-2026-31642
- EPSS 0.12%
- Veröffentlicht 24.04.2026 14:44:56
- Zuletzt bearbeitet 01.06.2026 17:16:54
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu() rather than list_del_init() to prevent stuffing up reading ...
CVE-2026-31640
- EPSS 0.43%
- Veröffentlicht 24.04.2026 14:44:54
- Zuletzt bearbeitet 27.04.2026 20:20:22
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpc_post_response(), the code should be comparing the challenge serial number from the cached response ...
CVE-2026-31638
- EPSS 0.44%
- Veröffentlicht 24.04.2026 14:44:52
- Zuletzt bearbeitet 27.04.2026 20:20:36
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpc_input_packet_on_conn() can process a to-client packet after the current client call on the channel has already been torn down...
CVE-2026-31639
- EPSS 0.12%
- Veröffentlicht 24.04.2026 14:44:52
- Zuletzt bearbeitet 27.04.2026 20:20:27
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call->key When creating a client call in rxrpc_alloc_client_call(), the code obtains a reference to the key. This is never cleaned up and ...
CVE-2026-31637
- EPSS 0.51%
- Veröffentlicht 24.04.2026 14:44:51
- Zuletzt bearbeitet 01.06.2026 17:16:54
In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto...
CVE-2026-31636
- EPSS 0.44%
- Veröffentlicht 24.04.2026 14:44:50
- Zuletzt bearbeitet 27.04.2026 20:21:04
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and then passes p + auth_len as the parser limit to rxgk...
CVE-2026-31634
- EPSS 0.12%
- Veröffentlicht 24.04.2026 14:44:49
- Zuletzt bearbeitet 01.06.2026 17:16:54
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpc_server_keyring() This patch fixes a reference count leak in rxrpc_server_keyring() by checking if rx->securities is already set.
CVE-2026-31635
- EPSS 0.82%
- Veröffentlicht 24.04.2026 14:44:49
- Zuletzt bearbeitet 18.05.2026 15:16:25
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgk_verify_response() decodes auth_len from the packet and is supposed to verify that it fits in the remaining bytes. The ...