CVE-2026-31634
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A reference count leak was discovered in the Linux kernel's rxrpc_server_keyring() function. The issue occurs when the rx->securities field is already set, leading to improper memory management.
Risk Assessment
This reference count leak can exhaust kernel memory, causing system instability or denial of service (DoS) for network services using RxRPC.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit referenced in CVE-2026-31634). Monitor distributions for the patched release.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpc_server_keyring() This patch fixes a reference count leak in rxrpc_server_keyring() by checking if rx->securities is already set.

