CVE-2026-31676
Received Received - Intake
Improper State Validation in Linux rxrpc Causes Security Risk

Publication date: 2026-04-25

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPC_CONN_SERVICE_CHALLENGING. Check that state under state_lock before running response verification and security initialization, then use a local secured flag to decide whether to queue the secured-connection work after the state transition. This keeps duplicate or late RESPONSE packets from re-running the setup path and removes the unlocked post-transition state test.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-25
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-04-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31676
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.23 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.13 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.84 (exc)
linux linux_kernel From 2.6.22 (inc) to 6.6.136 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's rxrpc component. It involves improper handling of RESPONSE packets during the service challenge phase of a connection. Specifically, the system should only process RESPONSE packets while the connection is in the RXRPC_CONN_SERVICE_CHALLENGING state. The fix ensures that the state is checked under a lock before verifying the response and initializing security, preventing duplicate or late RESPONSE packets from re-running the setup process and removing unsafe state checks after the transition.

Impact Analysis

If exploited, this vulnerability could allow duplicate or late RESPONSE packets to interfere with the connection setup process in the rxrpc service. This might lead to improper security initialization or unexpected behavior in the connection handling, potentially weakening the security of the communication or causing instability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31676. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart