Bug 2461555 (CVE-2026-31640)
| Summary: | CVE-2026-31640 kernel: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the Linux kernel's rxrpc component. This vulnerability occurs in the `rxrpc_post_response()` function, where the system incorrectly compares a newer network packet's data instead of the expected cached response. This error causes the challenge serial number comparison to always be false, preventing the system from correctly evaluating and potentially switching to newer network responses. This could lead to the system operating with outdated information or processing network communications incorrectly, potentially impacting the reliability of network services.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-04-24 15:08:14 UTC
|