Buffer Overflow in Linux Kernel Crypto Component Affects Google Hardware
CVE-2026-31697

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
1 May 2026

What is CVE-2026-31697?

A vulnerability in the Linux kernel's crypto component: when retrieving the CPU ID fails because of an invalid length, the kernel may still attempt to copy a data blob to user space. This can result in a buffer overflow, potentially leaking sensitive information. The flaw arises because the kernel treats the firmware command as successful while the actual response indicates failure, so the data is handled as if the command had succeeded. The issue needs to be addressed to mitigate the potential data leakage risk.

Affected Version(s)

Linux d6112ea0cb344d6f5ed519991e24f69ba4b43d0e < 09427bcb1715fb20a80b6acd5156dbf15ab5c363

Linux d6112ea0cb344d6f5ed519991e24f69ba4b43d0e < 1fbac0429a42adec830491757a2b53956dd797ea

Linux d6112ea0cb344d6f5ed519991e24f69ba4b43d0e < 2937f17bbeefb8e7608ff1f78cffbeb3d0281e5e

Timeline

  • Vulnerability published

  • Vulnerability Reserved
