CVE Catalog

CVE-2026-31634

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A reference count leak was discovered in the Linux kernel's rxrpc_server_keyring() function. The issue occurs when the rx->securities field is already set, leading to improper memory management.

Risk Assessment

This reference count leak can exhaust kernel memory, causing system instability or denial of service (DoS) for network services using RxRPC.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit referenced in CVE-2026-31634). Monitor distributions for the patched release.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpc_server_keyring() This patch fixes a reference count leak in rxrpc_server_keyring() by checking if rx->securities is already set.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS