Buffer Overflow Vulnerability in Linux Kernel Crypto Driver
CVE-2026-31698

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 May 2026

What is CVE-2026-31698?

A buffer overflow vulnerability has been identified in the Linux kernel's crypto driver. The issue arises when the command to retrieve the PDH certificate fails, specifically when the command returns an invalid length. In that case, the kernel could attempt to copy out more data than the allocated buffer holds, potentially leaking sensitive information to user space. The flaw highlights the need for proper error handling and validation in kernel-level operations to prevent unauthorized data exposure.
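The failure mode described above, as an added user-space model in C (not code from the kernel or from this advisory). The names `fw_export_cert`, `export_cert`, `heap_reset`, `leaked` and `heap`, and the 64-byte certificate size, are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CERT_LEN 64              /* constructed: size the mock firmware needs */
static unsigned char heap[128];  /* models kernel memory; the blob sits at heap[0] */

/* Hypothetical firmware call: on a short buffer it fails and sets *len to the size it needs. */
static int fw_export_cert(unsigned char *buf, size_t *len) {
    int rc = (*len >= CERT_LEN) ? 0 : -1;
    if (rc == 0)
        memset(buf, 0xC3, CERT_LEN);
    *len = CERT_LEN;
    return rc;
}

/* Zero an alloc-byte blob (alloc <= sizeof heap) and mark the memory after it as secret ('S'). */
static void heap_reset(size_t alloc) {
    memset(heap, 0, alloc);
    memset(heap + alloc, 'S', sizeof heap - alloc);
}

/* Copy-out path. checked == 0 trusts the firmware-updated length even after a failed
 * call (the flaw); checked != 0 copies only on success and within the blob. */
static size_t export_cert(unsigned char *user, size_t user_len, int checked, size_t *needed) {
    size_t len = user_len;
    heap_reset(user_len);
    int rc = fw_export_cert(heap, &len);
    *needed = len;               /* the required size is still reported */
    if (checked && (rc != 0 || len > user_len))
        return 0;
    memcpy(user, heap, len);     /* unchecked: len can exceed user_len */
    return len;
}

/* Number of secret marker bytes that reached the caller's buffer. */
static size_t leaked(const unsigned char *user, size_t n) {
    size_t c = 0;
    while (n--)
        c += (user[n] == 'S');
    return c;
}

int main(void) {
    unsigned char u[128] = {0}, v[128] = {0};
    size_t need = 0, a = export_cert(u, 16, 0, &need), b = export_cert(v, 16, 1, &need);
    printf("unchecked: copied %zu, leaked %zu\n", a, leaked(u, sizeof u));
    printf("checked:   copied %zu, leaked %zu, needed %zu\n", b, leaked(v, sizeof v), need);
    return 0;
}
```

The only difference between the two paths is the result check before the copy; the caller still learns the required size and can retry with a larger buffer.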

Affected Version(s)

Linux 76a2b524a4b1d6dc0f2421f9854a01d55d5e5436

Linux 76a2b524a4b1d6dc0f2421f9854a01d55d5e5436 < 78b97e43d0b3e674d9d49ae56937b11e2ba3fcaf

Linux 76a2b524a4b1d6dc0f2421f9854a01d55d5e5436 < 051e51aa55fd4cdc3e8283cf4476aeeb5f563274

Timeline

  • Vulnerability published

  • Vulnerability Reserved