CVE-2026-31470

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the tdx-guest component where the host-controlled value quote buf->out len is not properly validated. This value determines the number of bytes of the quote copied to guest userspace. In TDX environments using remote attestation, this lack of validation allows the host to specify a response length exceeding the guest's allocation or modify the response during consumption. This can lead to the leakage of data beyond the pages allocated for quote buf (up to TSM REPORT OUTBLOB MAX) to guest userspace, potentially crossing container protection boundaries in deployments using per-container configs-tsm-report interfaces.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.