CVE-2026-31553
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc()
Using "(u64 __user )hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset, not hva + offset8. ;-)
Fix it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | f6927b41d57390c597a126063e2e518911976878 < 4307e05e568782fc92eff651b09ee5dee88a058d | affected |
| Linux | Linux | f6927b41d57390c597a126063e2e518911976878 < 0496acc42fb51eee040b5170cec05cec41385540 | affected |
| Linux | Linux | 6.19 | affected |
| Linux | Linux | 0 < 6.19 | unaffected |
| Linux | Linux | 6.19.11 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/4307e05e568782fc92eff651b09ee5dee88a058d
- https://git.kernel.org/stable/c/0496acc42fb51eee040b5170cec05cec41385540
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.