CVE-2026-31558

Source
https://cve.org/CVERecord?id=CVE-2026-31558
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31558.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31558
Downstream
Published
2026-04-24T14:35:41.209Z
Modified
2026-07-15T01:48:54.079283706Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust
Details

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Make kvmgetvcpubycpuid() more robust

kvmgetvcpubycpuid() takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvmgetvcpubycpuid() return NULL for this case so as to make it more robust.

This fix an out-of-bounds access to kvmarch::phyidmap::phys_map[].

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31558.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
73516e9da512adc63ba3859fbd82a21f6257348f
Fixed
596c3f8069c4792f22fce8c4452f44410032d910
Fixed
878cf6acb4fd8ab4126cf9d369a5bb0e23123418
Fixed
47857b05bd50db01e211a1b6f513d57901cd3e6b
Fixed
2db06c15d8c7a0ccb6108524e16cd9163753f354

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31558.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.10.0
Fixed
6.12.80
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.21
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31558.json"