CVE-2026-52968

Source
https://cve.org/CVERecord?id=CVE-2026-52968
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52968.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52968
Downstream
Published
2026-06-24T16:28:47.438Z
Modified
2026-07-08T08:13:43.805608736Z
Summary
KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic

kvms390pciaifenable(), kvms390pciaifdisable(), and aenhostforward() index the GAIT by manually multiplying the index with sizeof(struct zpci_gaite).

Since aift->gait is already a struct zpci_gaite pointer, this double-scales the offset, accessing element aisb*16 instead of aisb.

This causes out-of-bounds accesses when aisb >= 32 (with ZPCINRDEVICES=512)

Fix by removing the erroneous sizeof multiplication.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52968.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
73f91b004321f2510fa79e66035dbbf1870fcf56
Fixed
31a9d9f9942885aae356a1a57c79e82c5b5b0828
Fixed
a99a25db131ece5e6c0f7632da606de631efe4f2
Fixed
11b8ff5b930b351dd1f6f088dce0beb027ac92d0
Fixed
b22a2da8792a7bfe743c1a922e77fa499ddedbe8
Fixed
e7216651b94e92e5433fb2f54b77864642b4ea48
Fixed
16d990a15491cf76cd6eef0846e1b4100e63261a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52968.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52968.json"