In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix the descriptor address in _kvmatswapdesc()
Using "(u64 __user )hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset, not hva + offset8. ;-)
Fix it.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31553.json",
"cna_assigner": "Linux"
}