SB20260502150 - Out-of-bounds read in Linux kernel crypto ccp driver
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-31698)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in sev_ioctl_do_pdh_export when handling a PDH certificate export ioctl after a firmware command failure caused by an invalid length. A local user can provide a userspace buffer and length that are too small to trigger copying beyond the kernel-allocated buffer to disclose sensitive information.
The issue occurs when retrieving the PDH certificate and the firmware reports the required size after the supplied userspace buffer is too small.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/051e51aa55fd4cdc3e8283cf4476aeeb5f563274
- https://git.kernel.org/stable/c/50808c13452dae43a2c90b1bbbf9daa16501ce70
- https://git.kernel.org/stable/c/78b97e43d0b3e674d9d49ae56937b11e2ba3fcaf
- https://git.kernel.org/stable/c/b5c14bd4da1f376f385722fe1da993f1edab6472
- https://git.kernel.org/stable/c/e76239fed3cffd6d304d8ca3ce23984fd24f57d3