{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31568", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.117Z", "datePublished": "2026-04-24T14:35:48.125Z", "dateUpdated": "2026-05-11T22:11:18.354Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:11:18.354Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Add missing secure storage access fixups for donated memory\n\nThere are special cases where secure storage access exceptions happen\nin a kernel context for pages that don't have the PG_arch_1 bit\nset. That bit is set for non-exported guest secure storage (memory)\nbut is absent on storage donated to the Ultravisor since the kernel\nisn't allowed to export donated pages.\n\nPrior to this patch we would try to export the page by calling\narch_make_folio_accessible() which would instantly return since the\narch bit is absent signifying that the page was already exported and\nno further action is necessary. This leads to secure storage access\nexception loops which can never be resolved.\n\nWith this patch we unconditionally try to export and if that fails we\nfixup."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/s390/mm/fault.c"], "versions": [{"version": "084ea4d611a3d00ee3930400b262240e10895900", "lessThan": "b36b0e804aee5f20c6798dbeaeaa7cfdb7c6cf88", "status": "affected", "versionType": "git"}, {"version": "084ea4d611a3d00ee3930400b262240e10895900", "lessThan": "43ac2d18db1131df0a89993f709131ebfc29f3bd", "status": "affected", "versionType": "git"}, {"version": "084ea4d611a3d00ee3930400b262240e10895900", "lessThan": "b00be77302d7ec4ad0367bb236494fce7172b730", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/s390/mm/fault.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b36b0e804aee5f20c6798dbeaeaa7cfdb7c6cf88"}, {"url": "https://git.kernel.org/stable/c/43ac2d18db1131df0a89993f709131ebfc29f3bd"}, {"url": "https://git.kernel.org/stable/c/b00be77302d7ec4ad0367bb236494fce7172b730"}], "title": "s390/mm: Add missing secure storage access fixups for donated memory", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E034C3DB-8767-405F-B61D-0462FF99F64E", "versionEndExcluding": "6.18.21", "versionStartIncluding": "5.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.7:-:*:*:*:*:*:*", "matchCriteriaId": "3D23CE42-BDB2-4216-8495-230ABE98FCDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Add missing secure storage access fixups for donated memory\n\nThere are special cases where secure storage access exceptions happen\nin a kernel context for pages that don't have the PG_arch_1 bit\nset. That bit is set for non-exported guest secure storage (memory)\nbut is absent on storage donated to the Ultravisor since the kernel\nisn't allowed to export donated pages.\n\nPrior to this patch we would try to export the page by calling\narch_make_folio_accessible() which would instantly return since the\narch bit is absent signifying that the page was already exported and\nno further action is necessary. This leads to secure storage access\nexception loops which can never be resolved.\n\nWith this patch we unconditionally try to export and if that fails we\nfixup."}], "id": "CVE-2026-31568", "lastModified": "2026-04-27T20:32:54.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:31.313", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/43ac2d18db1131df0a89993f709131ebfc29f3bd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b00be77302d7ec4ad0367bb236494fce7172b730"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b36b0e804aee5f20c6798dbeaeaa7cfdb7c6cf88"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: s390/mm: Add missing secure storage access fixups for donated memory", "id": "2461528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461528"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-248", "details": ["A flaw was found in the Linux kernel. This vulnerability, located in the s390/mm component, is due to missing secure storage access fixups for memory donated to the Ultravisor. When secure storage access exceptions occur for such memory, the kernel can enter an unresolvable loop. This can lead to a system hang or crash, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-31568", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31568\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31568\nhttps://lore.kernel.org/linux-cve-announce/2026042401-CVE-2026-31568-cefd@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[084ea4d611a3d00ee3930400b262240e10895900,b36b0e804aee5f20c6798dbeaeaa7cfdb7c6cf88)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[084ea4d611a3d00ee3930400b262240e10895900,43ac2d18db1131df0a89993f709131ebfc29f3bd)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[084ea4d611a3d00ee3930400b262240e10895900,b00be77302d7ec4ad0367bb236494fce7172b730)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.7"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.7)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T14:11:09.229023+00:00", "value": {"mitigation_remediation": ["Apply the kernel patch that fixes CVE-2026-31568 (upgrade to a patched release).", "If immediate patching is not possible, disable the Ultravisor memory donation feature that supplies pages without the PG_arch_1 bit, thereby preventing the exception loop from being triggered.", "Enable and monitor kernel logs for \"secure_storage\" exceptions to detect any remaining anomalies and ensure the system is not attempting to use donated memory paths."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (kernel)"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in any Linux kernel that aligns with the listed CPEs: the generic Linux kernel, all releases from 5.7 onward, and the 7.0 release candidates 1 through 7. This covers a wide range of production systems that use the s390 architecture as well as developers working with the 7.0 rc series.", "description_and_impact": "The kernel bypasses a required security check when handling memory donated to the Ultravisor. The missing PG_arch_1 bit causes exported pages to be considered ready, leading the export routine to finish immediately. Because the page is not truly exported, subsequent secure storage accesses raise exceptions that cannot be resolved, creating an infinite loop. This flaw falls under CWE\u2011125 and CWE\u2011248 and can result in a denial of service by freezing the kernel or causing repeated panic loops.", "risk_and_exploitability": "The CVSS base score of 7.1 indicates a moderate\u2011to\u2011severe impact, while an EPSS score of less than 1% suggests that exploitation is currently unlikely but not impossible. The flaw is not included in the CISA KEV list. An attacker would need kernel\u2011level privilege or a malicious kernel module that triggers the secure storage path on donated pages; no user\u2011level input can trigger it. Because the failure manifests within the kernel, patching the kernel is the only definitive fix."}}}}, "created": "2026-04-27T19:00:15.753563+00:00", "updated": "2026-04-28T14:15:34.925240+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}