SB20260502149 - Out-of-bounds read in Linux kernel crypto ccp driver
Published: May 2, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-31697)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in sev_ioctl_do_get_id2 in the ccp/sev ioctl handler. It is triggered when a request to retrieve the CPU ID supplies a userspace buffer and length that are too small and the firmware command fails. A local user can issue a specially crafted ioctl request to disclose sensitive information.
The issue occurs when the firmware command fails due to an invalid length and the kernel still copies the firmware-required byte count to userspace.
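The length handling described above, shown as a simplified userspace model with the unchecked copy beside a checked one. This is an added example, not the kernel driver's code or the upstream fix; fw_get_id, get_id, the arena layout and all byte values are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_ID_LEN 64u   /* constructed: length the modelled firmware requires */
#define ARENA_LEN 128u  /* stands in for kernel memory around the bounce buffer */

static uint8_t arena[ARENA_LEN];

/* Modelled firmware command: a short buffer makes the command fail, and the
 * required length is written back into *len without filling the buffer. */
static int fw_get_id(uint8_t *buf, uint32_t *len)
{
    int rc = (*len < FW_ID_LEN) ? -EINVAL : 0;

    if (rc == 0)
        memset(buf, 0x1D, FW_ID_LEN);   /* constructed ID bytes */
    *len = FW_ID_LEN;
    return rc;
}

/* Returns the number of bytes copied to `user`, or a negative errno.
 * `user` must be able to hold FW_ID_LEN bytes; user_len is the size the
 * caller claims, which also sizes the bounce buffer. */
static int get_id(uint8_t *user, uint32_t user_len, int hardened)
{
    uint32_t len = user_len;
    int rc;

    if (user_len > ARENA_LEN)
        return -EINVAL;
    memset(arena, 0x5E, ARENA_LEN);     /* marker for unrelated memory */
    memset(arena, 0, user_len);         /* bounce buffer = first user_len bytes */
    rc = fw_get_id(arena, &len);

    if (hardened && (rc != 0 || len > user_len))
        return rc ? rc : -EIO;          /* refuse to copy past the allocation */

    memcpy(user, arena, len);           /* unchecked: len was set by firmware */
    return (int)len;
}

int main(void)
{
    uint8_t out[FW_ID_LEN] = {0};

    printf("unchecked copy: %d\n", get_id(out, 16, 0));
    printf("checked copy:   %d\n", get_id(out, 16, 1));
    return 0;
}
```

In the unchecked call, every byte copied past offset 16 carries the 0x5E marker, which is the memory beyond the bounce buffer reaching the caller.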
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/06f06d88c05ce176c61fff8c72c372847b0dd2b5
- https://git.kernel.org/stable/c/09427bcb1715fb20a80b6acd5156dbf15ab5c363
- https://git.kernel.org/stable/c/1fbac0429a42adec830491757a2b53956dd797ea
- https://git.kernel.org/stable/c/2937f17bbeefb8e7608ff1f78cffbeb3d0281e5e
- https://git.kernel.org/stable/c/4f685dbfa87c546e51d9dc6cab379d20f275e114