In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Make kvmgetvcpubycpuid() more robust
kvmgetvcpubycpuid() takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvmgetvcpubycpuid() return NULL for this case so as to make it more robust.
This fix an out-of-bounds access to kvmarch::phyidmap::phys_map[].
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31558.json",
"cna_assigner": "Linux"
}