{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31558", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.116Z", "datePublished": "2026-04-24T14:35:41.209Z", "dateUpdated": "2026-05-11T22:11:06.540Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:11:06.540Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust\n\nkvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so\ncpuid can be negative. Let kvm_get_vcpu_by_cpuid() return NULL for this\ncase so as to make it more robust.\n\nThis fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[]."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/vcpu.c"], "versions": [{"version": "73516e9da512adc63ba3859fbd82a21f6257348f", "lessThan": "596c3f8069c4792f22fce8c4452f44410032d910", "status": "affected", "versionType": "git"}, {"version": "73516e9da512adc63ba3859fbd82a21f6257348f", "lessThan": "878cf6acb4fd8ab4126cf9d369a5bb0e23123418", "status": "affected", "versionType": "git"}, {"version": "73516e9da512adc63ba3859fbd82a21f6257348f", "lessThan": "47857b05bd50db01e211a1b6f513d57901cd3e6b", "status": "affected", "versionType": "git"}, {"version": "73516e9da512adc63ba3859fbd82a21f6257348f", "lessThan": "2db06c15d8c7a0ccb6108524e16cd9163753f354", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/vcpu.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/596c3f8069c4792f22fce8c4452f44410032d910"}, {"url": "https://git.kernel.org/stable/c/878cf6acb4fd8ab4126cf9d369a5bb0e23123418"}, {"url": "https://git.kernel.org/stable/c/47857b05bd50db01e211a1b6f513d57901cd3e6b"}, {"url": "https://git.kernel.org/stable/c/2db06c15d8c7a0ccb6108524e16cd9163753f354"}], "title": "LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD80DE3B-1F52-4735-A373-3F3F2440FA5D", "versionEndExcluding": "6.12.80", "versionStartIncluding": "6.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED39847A-3B46-4729-B7CA-B2C30B9FA8FE", "versionEndExcluding": "6.18.21", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:*", "matchCriteriaId": "9EA80796-744E-45F5-8632-2AB4F7889FCD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust\n\nkvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so\ncpuid can be negative. Let kvm_get_vcpu_by_cpuid() return NULL for this\ncase so as to make it more robust.\n\nThis fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[]."}], "id": "CVE-2026-31558", "lastModified": "2026-04-27T20:13:55.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-04-24T15:16:30.200", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2db06c15d8c7a0ccb6108524e16cd9163753f354"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47857b05bd50db01e211a1b6f513d57901cd3e6b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/596c3f8069c4792f22fce8c4452f44410032d910"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/878cf6acb4fd8ab4126cf9d369a5bb0e23123418"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust", "id": "2461467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461467"}, "csaw": false, "cwe": "CWE-839", "details": ["A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) component. A local attacker could potentially trigger an out-of-bounds memory access by providing a negative 'cpuid' parameter to the 'kvm_get_vcpu_by_cpuid()' function. This could lead to system instability or potentially other impacts due to memory corruption."], "name": "CVE-2026-31558", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31558\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31558\nhttps://lore.kernel.org/linux-cve-announce/2026042457-CVE-2026-31558-1140@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[73516e9da512adc63ba3859fbd82a21f6257348f,596c3f8069c4792f22fce8c4452f44410032d910)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[73516e9da512adc63ba3859fbd82a21f6257348f,878cf6acb4fd8ab4126cf9d369a5bb0e23123418)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[73516e9da512adc63ba3859fbd82a21f6257348f,47857b05bd50db01e211a1b6f513d57901cd3e6b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[73516e9da512adc63ba3859fbd82a21f6257348f,2db06c15d8c7a0ccb6108524e16cd9163753f354)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.10)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.80,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T14:14:33.388419+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a patched release that includes the kvm_get_vcpu_by_cpuid() fix.", "Reboot or reload the affected KVM modules to apply the updated code and clear any stale mappings that could still reference the out\u2011of\u2011bounds path.", "Monitor system logs for Oops or BUG reports related to KVM and apply kernel updates promptly when new patches are released for LoongArch KVM."], "summary": {"action": "Patch Immediately", "impact": "Local Denial of Service and potential information disclosure"}, "threat_synthesis": {"affected_systems": "The flaw affects Linux kernel releases 6.10 and all 7.0 release candidates (rc1 through rc7). It is present in the standard Linux kernel distribution and therefore impacts any system running one of those kernel versions, regardless of vendor. The CPE identifier confirms its reach across all Linux kernel builds.", "description_and_impact": "The vulnerability exists in the LoongArch implementation of the Linux kernel\u2019s KVM hypervisor. The function kvm_get_vcpu_by_cpuid() accepts a signed integer cpuid argument, and a negative value causes the routine to index the phyid_map::phys_map[] array outside its bounds. This out\u2011of\u2011bounds access can trigger a kernel panic or expose sensitive kernel memory, resulting in a denial of service or information leakage for a local attacker.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity. With an EPSS score of less than 1%, the current data suggests a very low exploitation probability under normal conditions. The weakness is not listed in CISA\u2019s KEV catalog. Exploitation would require local kernel access or control over a virtual machine executing KVM, implying a privileged or sophisticated adversary. The attack vector is likely local or confined to virtual machine guests, and no externally public exploits are documented at this time."}}}}, "created": "2026-04-27T19:15:11.614364+00:00", "updated": "2026-04-28T14:15:34.931525+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}