What is CVE-2026-31638?

CVE-2026-31638 is a high-severity vulnerability in Linux. CVSS score: 7.5/10. Published 2026-04-24.

How severe is CVE-2026-31638?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Linux

CVE-2026-31638

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpc_input_packet_on_conn() can process a to-client packet after the current client call on the channel has already bee…

EPSS: 0.001 (22.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Linux — versions 5e6ef4f1017c7f844e305283bbd8875af475e2fc, 6.2, 0

References

git.kernel.org/stable/c/b8f66447448d6c305a51413a67ec8ed26aa7d1dd
git.kernel.org/stable/c/0c156aff8a2d4fa0d61db7837641975cf0e5452d
git.kernel.org/stable/c/8299ca146489664e3c0c90a3b8900d8335b1ede4
git.kernel.org/stable/c/9fb09861e2b8d1abfe2efaf260c9f1d30080ea38
git.kernel.org/stable/c/6331f1b24a3e85465f6454e003a3e6c22005a5c5

Frequently asked questions

What is CVE-2026-31638?: CVE-2026-31638 is a high-severity vulnerability in Linux. CVSS score: 7.5/10. Published 2026-04-24.
How severe is CVE-2026-31638?: High severity. CVSS v3 base score is 7.5 out of 10.