—

CVE-2026-31430EXPLOITEDPATCHED

Linux · Linux

X.509: Fix out-of-bounds access when parsing extensions

Description

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.134/6.12.81/6.18.22/6.19.12. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation results in out-of-bounds read. The attack can only be performed from the local network. It is advisable to upgrade the affected component.

Affected Products

Vendor	Product	Versions
Linux	Linux	30eae2b037af54b24109dcaea21db46f6285c69b, 30eae2b037af54b24109dcaea21db46f6285c69b, 30eae2b037af54b24109dcaea21db46f6285c69b, 30eae2b037af54b24109dcaea21db46f6285c69b, 30eae2b037af54b24109dcaea21db46f6285c69b, 6.4, 6.6.134, 6.12.81, 6.18.22, 6.19.12

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
linux	linux	mitre_affected	90%
open source	open source linux kernel	cert_advisory	90%

References

Related News (3 articles)

Tier B

BSI Advisories1h ago

[NEU] [mittel] Linux Kernel: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB2h ago

CVE-2026-31430 | Linux Kernel up to 6.6.134/6.12.81/6.18.22/6.19.12 X.509 Certificate out-of-bounds

→ No new info (linked only)

Tier C

Linux Kernel CVEs3h ago

CVE-2026-31430: X.509: Fix out-of-bounds access when parsing extensions

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

672b526def1f94c1be8eb11b885b803da0d8c2f130ab358fad0c7daa1d282ec48089901b21b36a20206121294b9cf27f0589857f80d64f87e496ffb27fb4dadc2734f4020d7543d688b8d49c8e569c61d702c3408213bb12bd570bb97204d8340d141c5106.6.1356.12.826.18.236.19.137.0

PublishedApr 20, 2026

Last enriched2h agov3

Trending Score65

Source articles3

Independent3

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-23400EXP

rust_binder: call set_notification_done() without proc lock

Trending: 64

NONECVE-2026-31429

net: skb: fix cross-cache free of KFENCE-allocated skb head

Trending: 36

NONECVE-2026-23398EXP

icmp: fix NULL pointer dereference in icmp_tag_validation()

Trending: 29

NONECVE-2026-31416EXP

netfilter: nfnetlink_log: account for netlink header size

Trending: 27

NONECVE-2026-31427EXP

netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp

Trending: 24

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 20, 2026

Discovered by ZDM

Apr 20, 2026

Updated: affectedVersions

Apr 20, 2026

Actively Exploited

Apr 20, 2026

Patch Available

Apr 20, 2026

Updated: description, affectedVersions, severity, activelyExploited

Apr 20, 2026

Version History

Last enriched 2h ago

v3Tier C2h ago

Updated description with critical severity, new affected versions, and noted that no exploit is available.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v2Tier C2h ago

Updated description with more technical detail, added affected versions, changed severity to HIGH, and marked exploit availability and active exploitation status as true.

affectedVersions

via Linux Kernel CVEs

v12h ago

Initial creation