VDB
CVE-2026-31558
CVE-2026-31558
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust kvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvm_get_vcpu_by_cpuid() return NULL for this case so as to make it more robust. This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].
EPSS 0.02% · 3.5th percentile
Risk Scores
EPSS Score
0.02%
3.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 6.19.11, 6.18.21, 7.0 |
| linux | linux_kernel | 6.10, 6.10, 6.10 |
Timeline
- Apr 24, 2026 CVE Published
- Apr 24, 2026 Security Advisory
- Apr 27, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/596c3f8069c4792f22fce8c4452f44410032d910 url
- https://git.kernel.org/stable/c/878cf6acb4fd8ab4126cf9d369a5bb0e23123418 url
- https://git.kernel.org/stable/c/47857b05bd50db01e211a1b6f513d57901cd3e6b url
- https://git.kernel.org/stable/c/2db06c15d8c7a0ccb6108524e16cd9163753f354 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-31558 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory