{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31564", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.117Z", "datePublished": "2026-04-24T14:35:45.302Z", "dateUpdated": "2026-05-11T22:11:13.366Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:11:13.366Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()\n\nIn function kvm_eiointc_regs_access(), the register base address is\ncaculated from array base address plus offset, the offset is absolute\nvalue from the base address. The data type of array base address is\nu64, it should be converted into the \"void *\" type and then plus the\noffset."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/intc/eiointc.c"], "versions": [{"version": "d3e43a1f34acbb9a814337fc5624765538e5a274", "lessThan": "c4f0a9481cf0dd7c71a07484bc98f2570fdb3a82", "status": "affected", "versionType": "git"}, {"version": "d3e43a1f34acbb9a814337fc5624765538e5a274", "lessThan": "6bcfb7f46d667b04bd1a1169ccedf5fb699c60df", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/intc/eiointc.c"], "versions": [{"version": "6.19", "status": "affected"}, {"version": "0", "lessThan": "6.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c4f0a9481cf0dd7c71a07484bc98f2570fdb3a82"}, {"url": "https://git.kernel.org/stable/c/6bcfb7f46d667b04bd1a1169ccedf5fb699c60df"}], "title": "LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5054C854-C253-4020-BD2E-2BDA121E424C", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*", "matchCriteriaId": "35C8A871-4971-433E-A046-FC9F7B7D190A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()\n\nIn function kvm_eiointc_regs_access(), the register base address is\ncaculated from array base address plus offset, the offset is absolute\nvalue from the base address. The data type of array base address is\nu64, it should be converted into the \"void *\" type and then plus the\noffset."}], "id": "CVE-2026-31564", "lastModified": "2026-04-27T20:31:10.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:30.850", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6bcfb7f46d667b04bd1a1169ccedf5fb699c60df"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c4f0a9481cf0dd7c71a07484bc98f2570fdb3a82"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()", "id": "2461530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461530"}, "csaw": false, "cwe": "CWE-681", "details": ["A flaw was found in the Linux kernel, specifically within the Kernel-based Virtual Machine (KVM) component for LoongArch architecture. An incorrect base address calculation in the `kvm_eiointc_regs_access()` function, where a `u64` type was not properly converted to a `void *` before adding an offset, could lead to memory corruption. This vulnerability may allow a local attacker to access or modify unintended memory regions, potentially resulting in information disclosure or denial of service."], "name": "CVE-2026-31564", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31564\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31564\nhttps://lore.kernel.org/linux-cve-announce/2026042459-CVE-2026-31564-c762@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d3e43a1f34acbb9a814337fc5624765538e5a274,c4f0a9481cf0dd7c71a07484bc98f2570fdb3a82)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d3e43a1f34acbb9a814337fc5624765538e5a274,6bcfb7f46d667b04bd1a1169ccedf5fb699c60df)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.19"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T14:12:18.009277+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the fixed base\u2011address calculation for LoongArch KVM.", "Ensure that all KVM virtual machines boot with the updated kernel image so the vulnerable code path is not exercised.", "If a kernel upgrade is not immediately feasible, monitor the system for signs of kernel instability or abnormal memory corruption and plan a rapid update as soon as possible."], "summary": {"action": "Patch Now", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "The flaw affects the Linux kernel across versions 6.19 and all 7.0 release candidates up to and including 7.0\u2011rc7 when running on LoongArch hardware with the KVM hypervisor. Users running these kernel releases on affected systems are impacted until the code path is removed by the patch.", "description_and_impact": "In the LoongArch KVM implementation of the Linux kernel, the base address for a register in kvm_eiointc_regs_access() is calculated incorrectly. The function adds an offset directly to a 64\u2011bit base address value instead of first converting the base address to a pointer type, resulting in a type misuse categorized as CWE\u2011681. This incorrect calculation can lead to the use of out\u2011of\u2011bounds memory addresses, potentially corrupting kernel memory and causing instability such as kernel panics.", "risk_and_exploitability": "With a CVSS score of 5.5 the vulnerability is of moderate severity. The EPSS score is below 1\u202f%, indicating a low likelihood of exploitation at present, and the flaw is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that exploiting the bug would require access to the vulnerable KVM subsystem and the ability to influence the address calculation, implying a local or privileged context rather than a wide\u2011range remote attack vector. The primary risk remains kernel memory corruption and potential system instability."}}}}, "created": "2026-04-27T19:00:15.800959+00:00", "updated": "2026-04-28T14:15:34.928110+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}