CVE-2026-31430

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> X.509: Fix out-of-bounds access when parsing extensions<br /> <br /> Leo reports an out-of-bounds access when parsing a certificate with<br /> empty Basic Constraints or Key Usage extension because the first byte of<br /> the extension is read before checking its length. Fix it.<br /> <br /> The bug can be triggered by an unprivileged user by submitting a<br /> specially crafted certificate to the kernel through the keyrings(7) API.<br /> Leo has demonstrated this with a proof-of-concept program responsibly<br /> disclosed off-list.