CVE-2026-31640

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the rxrpc post response() function where the code incorrectly uses the newer packet private data instead of the challenge serial number from the cached response when deciding whether to switch to a newer response. This causes the comparison to always be false. The fix involves ensuring the older packet is checked and that the new packet substitutes the old one if it is newer, while releasing the unused packet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.