CVE-2026-31591

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as allowing userspace to manipulate and/or run a vCPU while its state is being synchronized would at best corrupt vCPU state, and at worst crash the host kernel.

Opportunistically assert that vcpu->mutex is held when synchronizing its VMSA (the SEV-ES path already locks vCPUs).

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxad27ce155566f2b4400fa865859834592bd18777 < 30fd9d8c82087742168db779929d8be0459b0716affected
LinuxLinuxad27ce155566f2b4400fa865859834592bd18777 < 4df77742e8b9a6b935bdf46f02fd0aca4d4ee7f5affected
LinuxLinuxad27ce155566f2b4400fa865859834592bd18777 < c87938fc7d99a06a7e5477c45b4e5a4148f85d66affected
LinuxLinuxad27ce155566f2b4400fa865859834592bd18777 < cb923ee6a80f4e604e6242a4702b59251e61a380affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.18.24 <= 6.18.*unaffected
LinuxLinux6.19.14 <= 6.19.*unaffected
LinuxLinux7.0.1 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References