A three-year-old out-of-bounds access vulnerability in the Linux kernel's X.509 certificate parser has been patched just in time for the Linux 7.0 release. The bug, present since Linux 6.4 (2023), can be triggered by an unprivileged user who submits a specially crafted certificate through the kernel's keyrings API. Possible consequences include information leaks, kernel crashes and denial of service, and potentially privilege escalation. The fix, authored by Lukas Wunner, adds length checks before the parser reads extension bytes, and will be back-ported to all supported stable kernels (6.6 LTS, 6.12 LTS, 6.18 LTS, and 6.19).
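The pattern behind the article's description, as an added illustration that is not the kernel's x509 parser code or the patch itself: a DER TLV walker over an X.509 Extensions SEQUENCE in which every declared length is checked against the bytes actually present before the value is touched, alongside a helper that reports how far past the buffer a parser that trusted the declared length would have read. All function names are hypothetical, and both byte strings are constructed for the example (one well-formed extensions block, one whose inner extension claims 0x40 value bytes while only 6 follow).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not kernel code. A DER TLV is a tag byte, a length
 * (short form < 0x80, or 0x80|n followed by n big-endian length bytes),
 * then the value. */
#define DER_SEQUENCE 0x30

struct tlv {
    uint8_t tag;
    size_t hdr;            /* bytes consumed by tag + length */
    size_t len;            /* declared value length, verified to fit */
    const uint8_t *val;
};

/* Parse only the tag and length. This checks that the header bytes exist
 * but NOT that the declared value length fits in the buffer: that is the
 * state of a parser which is missing the length check. */
static int der_header(const uint8_t *p, size_t remaining,
                      uint8_t *tag, size_t *hdr, size_t *declared)
{
    size_t i = 0, len;

    if (remaining < 2)                      /* need tag + one length byte */
        return -1;
    *tag = p[i++];
    len = p[i++];
    if (len & 0x80) {                       /* long-form length */
        size_t n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > remaining - i)
            return -1;                      /* indefinite, absurd, or length bytes missing */
        if (p[i] == 0)
            return -1;                      /* non-minimal encoding is not DER */
        len = 0;
        while (n--)
            len = (len << 8) | p[i++];
        if (len < 0x80)
            return -1;                      /* should have used the short form */
    }
    *hdr = i;
    *declared = len;
    return 0;
}

/* Hardened form: the declared length must fit in the bytes present. */
static int der_tlv_checked(const uint8_t *p, size_t remaining, struct tlv *out)
{
    if (der_header(p, remaining, &out->tag, &out->hdr, &out->len))
        return -1;
    if (out->len > remaining - out->hdr)    /* value would run past the buffer */
        return -1;
    out->val = p + out->hdr;
    return 0;
}

/* Walk an Extensions SEQUENCE and count the Extension SEQUENCEs inside it.
 * Returns the count, or -1 if any element is truncated or malformed. */
static int count_extensions(const uint8_t *buf, size_t len)
{
    struct tlv outer, ext;
    const uint8_t *p;
    size_t remaining;
    int count = 0;

    if (der_tlv_checked(buf, len, &outer) || outer.tag != DER_SEQUENCE)
        return -1;
    p = outer.val;
    remaining = outer.len;
    while (remaining) {
        if (der_tlv_checked(p, remaining, &ext) || ext.tag != DER_SEQUENCE)
            return -1;
        p += ext.hdr + ext.len;
        remaining -= ext.hdr + ext.len;     /* cannot underflow: checked above */
        count++;
    }
    return count;
}

/* Bytes past the end of the buffer that a parser trusting the first inner
 * extension's declared length would read. Only header bytes are touched. */
static size_t first_ext_overread(const uint8_t *buf, size_t len)
{
    uint8_t tag;
    size_t hdr, declared, avail;

    if (der_header(buf, len, &tag, &hdr, &declared) || tag != DER_SEQUENCE)
        return 0;
    avail = len - hdr;                      /* bytes really present after outer header */
    if (der_header(buf + hdr, avail, &tag, &hdr, &declared))
        return 0;
    avail -= hdr;
    return declared > avail ? declared - avail : 0;
}

/* Constructed sample: basicConstraints and a critical keyUsage extension. */
static const uint8_t good_exts[] = {
    0x30, 0x1b,
      0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13,         /* id-ce-basicConstraints */
                  0x04, 0x02, 0x30, 0x00,               /* OCTET STRING { SEQUENCE {} } */
      0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,         /* id-ce-keyUsage */
                  0x01, 0x01, 0xff,                     /* critical TRUE */
                  0x04, 0x04, 0x03, 0x02, 0x05, 0xa0,   /* OCTET STRING { BIT STRING } */
};

/* Constructed crafted input: inner extension declares 0x40 bytes, 6 follow. */
static const uint8_t crafted_exts[] = {
    0x30, 0x08,
      0x30, 0x40, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
};

int main(void)
{
    printf("good: %d extensions\n", count_extensions(good_exts, sizeof good_exts));
    printf("crafted: %d (rejected), naive parser would overread %zu bytes\n",
           count_extensions(crafted_exts, sizeof crafted_exts),
           first_ext_overread(crafted_exts, sizeof crafted_exts));
    printf("truncated good: %d\n", count_extensions(good_exts, 20));
    return 0;
}
```

The check that matters is the single comparison in der_tlv_checked: der_header alone accepts the crafted input because its header bytes are all present, and only the "declared length fits in remaining bytes" test keeps the walker from stepping 58 bytes past the end of the buffer. The same comparison also catches the other direction, an outer SEQUENCE whose buffer was cut short.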