CVE-2026-31634
Description
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: fix reference count leak in rxrpc_server_keyring()
This patch fixes a reference count leak in rxrpc_server_keyring() by checking if rx->securities is already set.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A reference count leak in rxrpc_server_keyring() in the Linux kernel could lead to resource exhaustion, fixed by checking if rx->securities is already set.
Vulnerability
CVE-2026-31634 describes a reference count leak in the rxrpc_server_keyring() function of the Linux kernel's RxRPC network protocol implementation. The function did not properly check if rx->securities was already initialized before setting it, leading to an increment of the reference count without a corresponding decrement under certain conditions.
Exploitation
An attacker would need to trigger the vulnerable code path to cause the reference count to be incremented multiple times. This could be achieved by repeatedly calling keyring-related operations that invoke rxrpc_server_keyring(). The vulnerability is local, requiring the ability to execute code or influence keyring operations on the system.
Impact
A reference count leak can eventually lead to resource exhaustion of kernel objects, potentially causing memory pressure or system instability. If the leak is severe, it might allow a local attacker to perform a denial-of-service (DoS) attack by exhausting memory. The CVSS score of 5.5 (Medium) reflects the local attack vector and confidentiality impact.
Mitigation
The Linux kernel community has addressed this issue by adding a check to ensure rx->securities is not already set before assigning it [1]. The fix has been backported to multiple stable kernels as indicated by the commit references [1][2][3][4]. Users are advised to update their kernels to include the patch.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=2.6.22.1,<5.15.203)
- cpe:2.3:o:linux:linux_kernel:2.6.22:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
References
- git.kernel.org/stable/c/12de9e0e0b0b7058be7dfb8a5927eb565bc25780 (nvd, Patch)
- git.kernel.org/stable/c/139c750bf06649097d98b0bc41e2a678b4627e27 (nvd, Patch)
- git.kernel.org/stable/c/8ee931c3cd97f1c42b4fbf057f04b9dae45dfb7a (nvd, Patch)
- git.kernel.org/stable/c/9ce36d28f67c2a477a7e2f03480de3f6783fb363 (nvd, Patch)
- git.kernel.org/stable/c/c6d9ea26cf8756ad6f162578e94a5f82f6fae3c2 (nvd, Patch)
- git.kernel.org/stable/c/f125846ee79fcae537a964ce66494e96fa54a6de (nvd, Patch)
- git.kernel.org/stable/c/fc76d0bd00850b7372f0a4a319c0c60f80487632 (nvd, Patch)