CVE-2026-31640

medium

Red Hat

CVSS v3 Base Score

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.0%

Exploitation probability in 30 days

Top 96% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

None

Integrity

None

Availability

High

Published: April 24, 2026 (20 days ago)

Last Modified: April 24, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in the Linux kernel's rxrpc component. This vulnerability occurs in the `rxrpc_post_response()` function, where the system incorrectly compares a newer network packet's data instead of the expected cached response. This error causes the challenge serial number comparison to always be false, preventing the system from correctly evaluating and potentially switching to newer network responses. This could lead to the system operating with outdated information or processing network communications incorrectly, potentially impacting the reliability of network services.

CWE

CWE-1025

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 lore.kernel.org

CVE-2026-31640

Vulnerability Report

Description

CWE

Affected Products

References