CVE-2026-31676

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: only handle RESPONSE during service challenge

Only process RESPONSE packets while the service connection is still in RXRPC CONN SERVICE CHALLENGING. Check that state under state lock before running response verification and security initialization, then use a local secured flag to decide whether to queue the secured-connection work after the state transition. This keeps duplicate or late RESPONSE packets from re-running the setup path and removes the unlocked post-transition state test.