PT-2026-35014 · Linux · Linux Kernel

Published: 2026-04-24 · Updated: 2026-06-05 · CVE-2026-31662

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The GRP_ACK_MSG handler in the tipc_group_proto_rcv() function decrements the bc_ackers variable on every inbound group ACK, including duplicate ACKs from members who have already acknowledged the current broadcast round. Since bc_ackers is a u16 (an unsigned 16-bit integer), a duplicate ACK received after the final legitimate ACK causes the counter to underflow and wrap to 65535. This leads the tipc_group_bc_cong() function to continuously report congestion, so subsequent group broadcasts on the affected socket remain blocked until the group is recreated.

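The counter behaviour described above, as an added user-space model (not kernel code and not the upstream fix). Apart from bc_ackers, every name here is hypothetical, and the guarded handler is an assumed way to ignore duplicate ACKs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code. Only bc_ackers is a name from the advisory. */
struct member { bool acked; };          /* ACKed the current broadcast round? */
struct group  { uint16_t bc_ackers; };  /* outstanding ACKs, u16 as described */

/* Behaviour described in the advisory: every inbound ACK decrements. */
static void ack_unguarded(struct group *g, struct member *m)
{
    m->acked = true;
    g->bc_ackers--;                     /* 0 - 1 wraps to 65535 */
}

/* Assumed guard: ignore a duplicate ACK or one with nothing outstanding. */
static void ack_guarded(struct group *g, struct member *m)
{
    if (m->acked || g->bc_ackers == 0)
        return;
    m->acked = true;
    g->bc_ackers--;
}

/* Congestion check modelled as "ACKs still outstanding". */
static bool bc_cong(const struct group *g) { return g->bc_ackers != 0; }

/* Constructed round: two members, member 0 ACKs twice. Returns the counter. */
static uint16_t replay(void (*ack)(struct group *, struct member *))
{
    struct group g = { .bc_ackers = 2 };
    struct member m[2] = { { false }, { false } };

    ack(&g, &m[0]);
    ack(&g, &m[1]);                     /* final legitimate ACK, counter is 0 */
    ack(&g, &m[0]);                     /* duplicate ACK */
    return g.bc_ackers;
}

int main(void)
{
    struct group a = { replay(ack_unguarded) }, b = { replay(ack_guarded) };

    printf("unguarded: bc_ackers=%u congested=%d\n", (unsigned)a.bc_ackers, bc_cong(&a));
    printf("guarded:   bc_ackers=%u congested=%d\n", (unsigned)b.bc_ackers, bc_cong(&b));
    return 0;
}
```
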
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Underflow

Weakness Enumeration

Related Identifiers

CVE-2026-31662
ECHO-0487-EA60-2292
OESA-2026-2580

Affected Products

Linux Kernel