CVE-2026-31786
Published: Apr 30, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid_show will read and copy till it finds a NUL. 00000000 f4 91 51 f4 dd 38 9e 9d 65 47 52 eb 10 71 db 50 |..Q..8..eGR..q.P| 00000010 b9 a8 01 42 6f 2e 32 |...Bo.2| 00000017 So use a memcpy instead of sprintf to have the correct value: 00000000 f4 91 51 f4 dd 00 9e 9d 65 47 52 eb 10 71 db 50 |..Q.....eGR..q.P| 00000010 b9 a8 01 42 |...B| 00000014 (the above have a hack to embed a zero inside and check it's returned correctly). This is XSA-485 / CVE-2026-31786
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 84b7625728ea311ea35bdaa0eded53c1c56baeaa - < e3af585e1728c917682b6a3de9a69b41fb9194d4affected 84b7625728ea311ea35bdaa0eded53c1c56baeaa - < 8288d031a01dbacfde3fc643f7be3d23504de64daffected 84b7625728ea311ea35bdaa0eded53c1c56baeaa - < f458ba102da97fafca106327086fc95f3fc764cbaffected 84b7625728ea311ea35bdaa0eded53c1c56baeaa - < 4b4defd2fce3f966c25adabf46644a85558f1169affected 84b7625728ea311ea35bdaa0eded53c1c56baeaa - < 5c5ff7c7bd15bb536f44b10b3fb5b8408f344d0a+3 more versions |
Linux | Linux | affected 4.13unaffected 0 - < 4.13unaffected 5.10.254 - <= 5.10.*unaffected 5.15.204 - <= 5.15.*unaffected 6.1.170 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now