CVE-2026-31553

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc()

Using "(u64 __user )hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset, not hva + offset8. ;-)

Fix it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf6927b41d57390c597a126063e2e518911976878 < 4307e05e568782fc92eff651b09ee5dee88a058daffected
LinuxLinuxf6927b41d57390c597a126063e2e518911976878 < 0496acc42fb51eee040b5170cec05cec41385540affected
LinuxLinux6.19affected
LinuxLinux0 < 6.19unaffected
LinuxLinux6.19.11 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References