CVE-2026-31676

{"id": "CVE-2026-31676", "cveTags": [], "metrics": {}, "published": "2026-04-25T09:16:01.210", "references": [{"url": "https://git.kernel.org/stable/c/03fd2ef73cb4ffd0af100a95b634af54f474414e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c43ffdcfdbb5567b1f143556df8a04b4eeea041c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d0035e634dae83237ab7f5681eb52b2f65d0ceb8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: only handle RESPONSE during service challenge\n\nOnly process RESPONSE packets while the service connection is still in\nRXRPC_CONN_SERVICE_CHALLENGING. Check that state under state_lock before\nrunning response verification and security initialization, then use a local\nsecured flag to decide whether to queue the secured-connection work after\nthe state transition. This keeps duplicate or late RESPONSE packets from\nre-running the setup path and removes the unlocked post-transition state\ntest."}], "lastModified": "2026-04-25T09:16:01.210", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}