CVE-2026-31430
Analyzed Analyzed - Analysis Complete
Out-of-Bounds Access in Linux Kernel X.509 Extension Parsing

Publication date: 2026-04-20

Last updated on: 2026-05-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the extension is read before checking its length. Fix it. The bug can be triggered by an unprivileged user by submitting a specially crafted certificate to the kernel through the keyrings(7) API. Leo has demonstrated this with a proof-of-concept program responsibly disclosed off-list.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-20
Last Modified
2026-05-21
Generated
2026-06-16
AI Q&A
2026-04-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31430
EUVD
EUVD-2026-23819
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.23 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.13 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.82 (exc)
linux linux_kernel From 6.4 (inc) to 6.6.135 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds access issue in the Linux kernel's X.509 certificate parsing code. Specifically, when parsing certificate extensions such as Basic Constraints or Key Usage that are empty, the code reads the first byte of the extension without first verifying the extension's length. This can lead to reading memory outside the intended bounds.

The flaw can be triggered by an unprivileged user who submits a specially crafted certificate to the kernel via the keyrings API.

Impact Analysis

The vulnerability allows an unprivileged user to cause an out-of-bounds memory access in the Linux kernel by submitting a specially crafted certificate. This could potentially lead to kernel crashes or other unpredictable behavior, which might be exploited for privilege escalation or denial of service.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31430. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart