{"id":"CVE-2026-31639","summary":"rxrpc: Fix key reference count leak from call-\u003ekey","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix key reference count leak from call-\u003ekey\n\nWhen creating a client call in rxrpc_alloc_client_call(), the code obtains\na reference to the key.  This is never cleaned up and gets leaked when the\ncall is destroyed.\n\nFix this by freeing call-\u003ekey in rxrpc_destroy_call().\n\nBefore the patch, it shows the key reference counter elevated:\n\n$ cat /proc/keys | grep afs@54321\n1bffe9cd I--Q--i 8053480 4169w 3b010000  1000  1000 rxrpc     afs@54321: ka\n$\n\nAfter the patch, the invalidated key is removed when the code exits:\n\n$ cat /proc/keys | grep afs@54321\n$","modified":"2026-06-18T03:55:13.536328704Z","published":"2026-04-24T14:44:52.769Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31639.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2e6ef713b1598f6acd7f302fa6b12b6731c89914"},{"type":"WEB","url":"https://git.kernel.org/stable/c/978108902ee4ef2b348ff7ec36ad014dc5bc6dc6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d666540d217e8d420544ebdfbadeedd623562733"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e6b7943c5dc875647499da09bf4d50a8557ab0c3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f1a7a3ab0f35f83cf11bba906b9e948cf3788c28"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31639.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31639"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f3441d4125fc98995858550a5521b8d7daf0504a"},{"fixed":"f1a7a3ab0f35f83cf11bba906b9e948cf3788c28"},{"fixed":"e6b7943c5dc875647499da09bf4d50a8557ab0c3"},{"fixed":"2e6ef713b1598f6acd7f302fa6b12b6731c89914"},{"fixed":"978108902ee4ef2b348ff7ec36ad014dc5bc6dc6"},{"fixed":"d666540d217e8d420544ebdfbadeedd623562733"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31639.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.135"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.82"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.23"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.13"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31639.json"}}],"schema_version":"1.7.5"}