CVE-2026-31430 | Linux Kernel up to 6.6.134/6.12.81/6.18.22/6.19.12 X.509 Certificate out-of-bounds

VDB-358297 · CVE-2026-31430 · WID-SEC-2026-1180 LINUX KERNEL UP TO 6.6.134/6.12.81/6.18.22/6.19.12 X.509 CERTIFICATE OUT-OF-BOUNDS HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 3.4 $0-$5k 3.33+ Summaryinfo A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.134/6.12.81/6.18.22/6.19.12. Impacted is an unknown function of the component X.509 Certificate Handler. This manipulation causes out-of-bounds. This vulnerability is tracked as CVE-2026-31430. No exploit exists. You should upgrade the affected component. Detailsinfo A vulnerability was found in Linux Kernel up to 6.6.134/6.12.81/6.18.22/6.19.12. It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component X.509 Certificate Handler. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality. The summary by CVE is: In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the extension is read before checking its length. Fix it. The bug can be triggered by an unprivileged user by submitting a specially crafted certificate to the kernel through the keyrings(7) API. Leo has demonstrated this with a proof-of-concept program responsibly disclosed off-list. The advisory is shared at git.kernel.org. This vulnerability is known as CVE-2026-31430 since 03/09/2026. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 04/20/2026). Upgrading to version 6.6.135, 6.12.82, 6.18.23 or 6.19.13 eliminates this vulnerability. Applying the patch 672b526def1f94c1be8eb11b885b803da0d8c2f1/30ab358fad0c7daa1d282ec48089901b21b36a20/206121294b9cf27f0589857f80d64f87e496ffb2/7fb4dadc2734f4020d7543d688b8d49c8e569c61/d702c3408213bb12bd570bb97204d8340d141c51 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2026-1180). Affected Open Source Linux Kernel Productinfo Type Operating System Vendor Linux Name Kernel Version 6.6.134 6.12.0 6.12.1 6.12.2 6.12.3 6.12.4 6.12.5 6.12.6 6.12.7 6.12.8 6.12.9 6.12.10 6.12.11 6.12.12 6.12.13 6.12.14 6.12.15 6.12.16 6.12.17 6.12.18 6.12.19 6.12.20 6.12.21 6.12.22 6.12.23 6.12.24 6.12.25 6.12.26 6.12.27 6.12.28 6.12.29 6.12.30 6.12.31 6.12.32 6.12.33 6.12.34 6.12.35 6.12.36 6.12.37 6.12.38 6.12.39 6.12.40 6.12.41 6.12.42 6.12.43 6.12.44 6.12.45 6.12.46 6.12.47 6.12.48 6.12.49 6.12.50 6.12.51 6.12.52 6.12.53 6.12.54 6.12.55 6.12.56 6.12.57 6.12.58 6.12.59 6.12.60 6.12.61 6.12.62 6.12.63 6.12.64 6.12.65 6.12.66 6.12.67 6.12.68 6.12.69 6.12.70 6.12.71 6.12.72 6.12.73 6.12.74 6.12.75 6.12.76 6.12.77 6.12.78 6.12.79 6.12.80 6.12.81 6.18.0 6.18.1 6.18.2 6.18.3 6.18.4 6.18.5 6.18.6 6.18.7 6.18.8 6.18.9 6.18.10 6.18.11 6.18.12 6.18.13 6.18.14 6.18.15 6.18.16 6.18.17 6.18.18 6.18.19 6.18.20 6.18.21 6.18.22 6.19.0 6.19.1 6.19.2 6.19.3 6.19.4 6.19.5 6.19.6 6.19.7 6.19.8 6.19.9 6.19.10 6.19.11 6.19.12 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 3.5 VulDB Meta Temp Score: 3.4 VulDB Base Score: 3.5 VulDB Temp Score: 3.4 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Out-of-bounds CWE: CWE-125 / CWE-119 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 6.6.135/6.12.82/6.18.23/6.19.13 Patch: 672b526def1f94c1be8eb11b885b803da0d8c2f1/30ab358fad0c7daa1d282ec48089901b21b36a20/206121294b9cf27f0589857f80d64f87e496ffb2/7fb4dadc2734f4020d7543d688b8d49c8e569c61/d702c3408213bb12bd570bb97204d8340d141c51 Timelineinfo 03/09/2026 CVE reserved 04/20/2026 +41 days Advisory disclosed 04/20/2026 +0 days VulDB entry created 04/20/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Status: Confirmed CVE: CVE-2026-31430 (🔒) GCVE (CVE): GCVE-0-2026-31430 GCVE (VulDB): GCVE-100-358297 CERT Bund: WID-SEC-2026-1180 - Linux Kernel: Mehrere Schwachstellen Entryinfo Created: 04/20/2026 12:35 Updated: 04/20/2026 14:00 Changes: 04/20/2026 12:35 (58), 04/20/2026 14:00 (7) Complete: 🔍 Cache ID: 99:C75:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸