CVE-2026-31676
rxrpc: only handle RESPONSE during service challenge
Description
In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPC_CONN_SERVICE_CHALLENGING. Check that state under state_lock before running response verification and security initialization, then use a local secured flag to decide whether to queue the secured-connection work after the state transition. This keeps duplicate or late RESPONSE packets from re-running the setup path and removes the unlocked post-transition state test.
INFO
Published Date :
April 25, 2026, 9:16 a.m.
Last Modified :
June 1, 2026, 5:16 p.m.
Remotely Exploit :
Yes !
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Solution
- Update the Linux kernel to the latest version.
- Apply the security patch for rxrpc.
- Reboot the system after updates.
Public PoC/Exploit Available at Github
CVE-2026-31676 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-31676.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-31676 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-31676
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
OpenSCAP-powered Linux hardening CLI — scan, harden & rollback across major distros with YAML profiles, dry-run, hooks, and environment-aware compliance.
Shell
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-31676 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-31676 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 01, 2026
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/0afdfd4941c1b60a1f5c361760daa970edca60cd Added Reference https://git.kernel.org/stable/c/6c3a0fbdafef8316e34ae22333e317a341e737cd Added Reference https://git.kernel.org/stable/c/a1a8efde03a40b6c658d580e96644d9b9a2a0d3a -
Initial Analysis by [email protected]
May. 06, 2026
Action Type Old Value New Value Added CWE NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.23 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.19 up to (excluding) 6.19.13 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.84 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.22 up to (excluding) 6.6.136 Added Reference Type kernel.org: https://git.kernel.org/stable/c/03fd2ef73cb4ffd0af100a95b634af54f474414e Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/29b44d904dceb832be880def08b8cb17a0aba91c Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/a6bcf8010af093fe04f7100562e9542ab7882585 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/c43ffdcfdbb5567b1f143556df8a04b4eeea041c Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/d0035e634dae83237ab7f5681eb52b2f65d0ceb8 Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 27, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 27, 2026
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/29b44d904dceb832be880def08b8cb17a0aba91c Added Reference https://git.kernel.org/stable/c/a6bcf8010af093fe04f7100562e9542ab7882585 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 25, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPC_CONN_SERVICE_CHALLENGING. Check that state under state_lock before running response verification and security initialization, then use a local secured flag to decide whether to queue the secured-connection work after the state transition. This keeps duplicate or late RESPONSE packets from re-running the setup path and removes the unlocked post-transition state test. Added Reference https://git.kernel.org/stable/c/03fd2ef73cb4ffd0af100a95b634af54f474414e Added Reference https://git.kernel.org/stable/c/c43ffdcfdbb5567b1f143556df8a04b4eeea041c Added Reference https://git.kernel.org/stable/c/d0035e634dae83237ab7f5681eb52b2f65d0ceb8