SB20260502151 - Out-of-bounds read in Linux kernel crypto ccp driver
Published: May 2, 2026
Security Bulletin ID
SB20260502151
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-31699)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the sev_ioctl_do_pek_csr ioctl handler when processing a PEK CSR retrieval request after a failed firmware command. A local user can supply a too-small userspace buffer and length to trigger a copy to userspace that discloses sensitive information.
The issue occurs when the firmware reports an invalid length for the requested blob.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/111dcc6d0f016076745824a787d25609d0022f4c
- https://git.kernel.org/stable/c/3b4fd8f15765d9a3105b834dba8a05d025e5e16e
- https://git.kernel.org/stable/c/59e9ae81f8670ccc780bc75f45a355736f640ec9
- https://git.kernel.org/stable/c/607ba280f2adb5092cf5386c3935afac2ca0031a
- https://git.kernel.org/stable/c/abe4a6d6f606113251868c2c4a06ba904bb41eed