CVE-2026-31430
Description
In the Linux kernel, the following vulnerability has been resolved:
X.509: Fix out-of-bounds access when parsing extensions
Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the extension is read before checking its length. Fix it.
The bug can be triggered by an unprivileged user by submitting a specially crafted certificate to the kernel through the keyrings(7) API. Leo has demonstrated this with a proof-of-concept program responsibly disclosed off-list.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, an out-of-bounds access in X.509 certificate extension parsing can be triggered by an unprivileged user via a crafted certificate.
Vulnerability
CVE-2026-31430 is an out-of-bounds access vulnerability in the Linux kernel's X.509 certificate parsing code. The bug occurs when the parser encounters a certificate with an empty Basic Constraints or Key Usage extension; it reads the first byte of the extension before verifying that the extension's length is non-zero, leading to an out-of-bounds read [1][2].
Exploitation
An unprivileged user can trigger the vulnerability by submitting a specially crafted certificate to the kernel through the keyrings(7) API. A proof-of-concept program has been demonstrated by the reporter, Leo, who responsibly disclosed the issue off-list [1]. No authentication or special privileges are required beyond the ability to add a key to the kernel keyring.
Impact
Impact
Successful exploitation results in an out-of-bounds memory access, which could lead to information disclosure or a system crash (denial of service). The exact impact depends on memory layout and kernel hardening measures, but the bug is classified as a security vulnerability due to the potential for privilege escalation or data leakage [1].
Mitigation
The fix has been applied to the Linux kernel stable tree in commits 672b526def1f, d702c3408213, 206121294b9c, and 7fb4dadc2734 [1][2][3][4]. Users should update to a kernel version containing these patches. No workaround is available other than applying the update.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/206121294b9cf27f0589857f80d64f87e496ffb2nvd
- git.kernel.org/stable/c/30ab358fad0c7daa1d282ec48089901b21b36a20nvd
- git.kernel.org/stable/c/672b526def1f94c1be8eb11b885b803da0d8c2f1nvd
- git.kernel.org/stable/c/7fb4dadc2734f4020d7543d688b8d49c8e569c61nvd
- git.kernel.org/stable/c/d702c3408213bb12bd570bb97204d8340d141c51nvd
News mentions
0No linked articles in our index yet.