CVE-2026-31558
Published: Apr 24, 2026
Modified: May 11, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust kvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvm_get_vcpu_by_cpuid() return NULL for this case so as to make it more robust. This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 73516e9da512adc63ba3859fbd82a21f6257348f - < 596c3f8069c4792f22fce8c4452f44410032d910affected 73516e9da512adc63ba3859fbd82a21f6257348f - < 878cf6acb4fd8ab4126cf9d369a5bb0e23123418affected 73516e9da512adc63ba3859fbd82a21f6257348f - < 47857b05bd50db01e211a1b6f513d57901cd3e6baffected 73516e9da512adc63ba3859fbd82a21f6257348f - < 2db06c15d8c7a0ccb6108524e16cd9163753f354 |
Linux | Linux | affected 6.10unaffected 0 - < 6.10unaffected 6.12.80 - <= 6.12.*unaffected 6.18.21 - <= 6.18.*unaffected 6.19.11 - <= 6.19.*+1 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now