Buffer Overflow Vulnerability in Linux Kernel Affecting Multiple Products
CVE-2026-31699
What is CVE-2026-31699?
A vulnerability in the Linux kernel's handling of cryptographic commands could lead to unintended data exposure due to a buffer overflow. When obtaining the PEK CSR, the kernel attempts to copy data to userspace even when the firmware command has failed. If the firmware reports an invalid length, that copy can overflow because of how the userspace buffer is handled, compromising data integrity and allowing unauthorized data access. The fix for this flaw enforces strict checks before data is copied.
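The flawed and corrected flows described above, as a simplified userspace model in C (an added example, not the kernel's code). All names (`mock_fw_pek_csr`, `copy_out`, `get_csr`, `CSR_SIZE`) are hypothetical, and the model assumes the kernel-side buffer is sized from the caller's length.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CSR_SIZE 64u  /* constructed: size the mock firmware needs */
struct result { int ret; size_t copied; int overread; };

/* Mock firmware (constructed): on a too-small buffer it fails and
 * writes back the length it wanted, as the advisory describes. */
static int mock_fw_pek_csr(unsigned char *buf, size_t *len)
{
    if (*len < CSR_SIZE) { *len = CSR_SIZE; return -EIO; }
    memset(buf, 0xC5, CSR_SIZE);
    *len = CSR_SIZE;
    return 0;
}

/* Stand-in for the copy to userspace. It refuses a copy longer than the
 * source allocation and flags it, so the overread is reported, not performed. */
static size_t copy_out(unsigned char *dst, const unsigned char *src,
                       size_t src_size, size_t n, int *overread)
{
    if (n > src_size) { *overread = 1; return 0; }
    memcpy(dst, src, n);
    return n;
}

/* check_ret = 0 models the flawed flow, 1 the corrected flow. */
static struct result get_csr(unsigned char *user, size_t user_len, int check_ret)
{
    struct result r = { 0, 0, 0 };
    size_t len = user_len;
    unsigned char *blob = calloc(1, user_len ? user_len : 1);
    if (!blob) { r.ret = -ENOMEM; return r; }
    r.ret = mock_fw_pek_csr(blob, &len);     /* len is now firmware-reported */
    if (!check_ret || r.ret == 0)            /* the fix: copy only on success */
        r.copied = copy_out(user, blob, user_len, len, &r.overread);
    free(blob);
    return r;
}

int main(void)
{
    unsigned char user[CSR_SIZE];
    struct result bad = get_csr(user, 16, 0), good = get_csr(user, 16, 1);
    printf("flawed overread=%d, fixed overread=%d\n", bad.overread, good.overread);
    return 0;
}
```

With a 16-byte caller buffer the flawed flow attempts a 64-byte copy from a 16-byte allocation, while the corrected flow returns the error without copying.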
Affected Version(s)
Linux e799035609e1526761aa2f896a974b233d04d36d < 607ba280f2adb5092cf5386c3935afac2ca0031a
Linux e799035609e1526761aa2f896a974b233d04d36d < 59e9ae81f8670ccc780bc75f45a355736f640ec9
Linux e799035609e1526761aa2f896a974b233d04d36d < 111dcc6d0f016076745824a787d25609d0022f4c