Skip to main content

Linux Kernel CVE-2026-31482

| EUVDEUVD-2026-24844 MEDIUM
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-2rvp-wpqf-89pf
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
4.7 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 28, 2026 - 13:52 vuln.today
CVSS changed
Apr 28, 2026 - 13:52 NVD
5.5 (MEDIUM)
Patch released
Apr 28, 2026 - 13:46 nvd
Patch available
Patch available
Apr 22, 2026 - 16:33 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24844
Analysis Generated
Apr 22, 2026 - 14:22 vuln.today
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

s390/entry: Scrub r12 register on kernel entry

Before commit f33f2d4c7c80 ("s390/bp: remove TIF_ISOLATE_BP"), all entry handlers loaded r12 with the current task pointer (lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros. That commit removed TIF_ISOLATE_BP, dropping both the branch prediction macros and the r12 load, but did not add r12 to the register clearing sequence.

Add the missing xgr %r12,%r12 to make the register scrub consistent across all entry points.

AnalysisAI

Information disclosure in Linux kernel s390 architecture allows local authenticated attackers to read residual data from r12 register during kernel entry transitions, enabling potential exposure of sensitive kernel state through register side channels. This occurs on s390 systems running kernel versions 6.4 through 7.0-rc5 and affects all architectures due to incomplete register scrubbing following removal of branch prediction isolation code. EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite moderate CVSS impact rating.

Technical ContextAI

The vulnerability stems from a register cleanup regression in s390 architecture entry code. Commit f33f2d4c7c80 removed the TIF_ISOLATE_BP (branch prediction isolation) feature and its associated BPENTER/BPEXIT macros that previously loaded r12 with the current task pointer (lg %r12,__LC_CURRENT). The removal was incomplete-while the macros and r12 load were deleted, r12 was not added to the register clearing/scrubbing sequence executed on kernel entry. This leaves r12 containing potentially sensitive values from user-space execution context. The fix adds 'xgr %r12,%r12' (XOR r12 against itself) to the register scrub routine, ensuring consistent register initialization across all kernel entry points on s390. This is s390-specific code but affects all Linux distributions running affected kernel versions on IBM System z hardware.

RemediationAI

Upgrade to patched kernel versions: Linux 6.6.131 or later, 6.12.80 or later, 6.18.21 or later, 6.19.11 or later, or 7.0 final release or later. For users unable to upgrade immediately, restrict unprivileged user access via PAM/sudoers or user namespace isolation if the system permits, recognizing this eliminates the PR:L requirement and reduces attack surface to privileged users only, though does not eliminate the vulnerability. The fix is available in upstream kernel repositories at the commit hashes listed in references (a58d298a83a3a, 7f4e3233faa84, 95c899cd7918, 99a8b420f3f0e, 0738d395aab8f); backports to stable branches are documented in EUVD. Given the low EPSS score and non-networked attack vector, patching can be scheduled during normal maintenance windows rather than emergency procedures.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31482 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy