CVE-2026-31638

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A reference count error exists in the rxrpc component. The function rxrpc input packet on conn() may process a to-client packet after the current client call on the channel has been torn down, resulting in chan->call being NULL and rxrpc try get call() returning NULL. The client-side implicit-end error path fails to account for this and unconditionally calls rxrpc put call(), which can lead to a kernel crash instead of simply rejecting the packet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.