Linux Kernel rxrpc RCU Deletion Improper Call Removal
CVE-2026-31642 Published on April 24, 2026
rxrpc: Fix call removal to use RCU safe deletion
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix call removal to use RCU safe deletion
Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu()
rather than list_del_init() to prevent stuffing up reading
/proc/net/rxrpc/calls from potentially getting into an infinite loop.
This, however, means that list_empty() no longer works on an entry that's
been deleted from the list, making it harder to detect prior deletion. Fix
this by:
Firstly, make rxrpc_destroy_all_calls() only dump the first ten calls that
are unexpectedly still on the list. Limiting the number of steps means
there's no need to call cond_resched() or to remove calls from the list
here, thereby eliminating the need for rxrpc_put_call() to check for that.
rxrpc_put_call() can then be fixed to unconditionally delete the call from
the list as it is the only place that the deletion occurs.
Products Associated with CVE-2026-31642
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 2baec2c3f854d1f79c7bb28386484e144e864a14 and below 93fc15be44a35b8e3c58d0238ac0d9b7c53465ff is affected.
- Version 2baec2c3f854d1f79c7bb28386484e144e864a14 and below c63abf25203b50243fe228090526f9dbf37727bd is affected.
- Version 2baec2c3f854d1f79c7bb28386484e144e864a14 and below 3be718f659683ad89fad6f1eb66bee99727cae64 is affected.
- Version 2baec2c3f854d1f79c7bb28386484e144e864a14 and below ac5f54691be06a32246179d41be2d73598036deb is affected.
- Version 2baec2c3f854d1f79c7bb28386484e144e864a14 and below 146d4ab94cf129ee06cd467cb5c71368a6b5bad6 is affected.
- Version 4.13 is affected.
- Before 4.13 is unaffected.
- Version 6.6.135, <= 6.6.* is unaffected.
- Version 6.12.82, <= 6.12.* is unaffected.
- Version 6.18.23, <= 6.18.* is unaffected.
- Version 6.19.13, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.