CVE-2026-31662

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix bc ackers underflow on duplicate GRP ACK MSG

The GRP ACK MSG handler in tipc group proto rcv() currently decrements bc ackers on every inbound group ACK, even when the same member has already acknowledged the current broadcast round.

Because bc ackers is a u16, a duplicate ACK received after the last legitimate ACK wraps the counter to 65535. Once wrapped, tipc group bc cong() keeps reporting congestion and later group broadcasts on the affected socket stay blocked until the group is recreated.

Fix this by ignoring duplicate or stale ACKs before touching bc acked or bc ackers. This makes repeated GRP ACK MSG handling idempotent and prevents the underflow path.