Skip to main content

Linux Kernel EUVDEUVD-2026-24846

| CVE-2026-31483 MEDIUM
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 28, 2026 - 13:52 vuln.today
CVSS changed
Apr 28, 2026 - 13:52 NVD
5.5 (MEDIUM)
Patch released
Apr 28, 2026 - 13:40 nvd
Patch available
Patch available
Apr 22, 2026 - 16:33 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24846
Analysis Generated
Apr 22, 2026 - 14:22 vuln.today
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

s390/syscalls: Add spectre boundary for syscall dispatch table

The s390 syscall number is directly controlled by userspace, but does not have an array_index_nospec() boundary to prevent access past the syscall function pointer tables.

AnalysisAI

Denial of service in Linux kernel on s390 architecture allows local authenticated attackers to crash the system by triggering an out-of-bounds access in the syscall dispatch table. The s390 syscall number is directly controlled by userspace without spectre boundary protection (array_index_nospec), enabling an attacker with local user privileges to supply an invalid syscall number that bypasses array bounds checking and causes a memory access violation. EPSS score is extremely low (0.03%), consistent with limited attack surface on s390-specific systems and requirement for local authentication.

Technical ContextAI

The s390 architecture implements syscall dispatch via a function pointer table indexed by the syscall number. Unlike other architectures and mitigations for Spectre variant 1 attacks, the s390 implementation was missing the array_index_nospec() boundary check that prevents speculative execution from accessing out-of-bounds table entries. When a user-controlled syscall number is passed to the kernel without bounds validation wrapped in array_index_nospec(), an attacker can craft an invalid syscall index that causes the processor to speculatively access memory beyond the legitimate syscall table, triggering a kernel panic or information leak via side-channel. The fix applies speculative load hardening to the syscall dispatch path, a standard Spectre mitigation technique. This affects all s390 Linux kernel versions prior to the patched releases identified in the CVE data.

RemediationAI

Update Linux kernel to patched versions: Linux 5.15.203 or later for 5.x branch, 6.1.168 or later for 6.1.x, 6.6.131 or later for 6.6.x, 6.12.80 or later for 6.12.x, 6.18.21 or later for 6.18.x, 6.19.11 or later for 6.19.x, or 7.0 final release or later. For systems unable to update immediately, no direct workaround exists; however, the attack requires local user-level access, so restricting user accounts and enforcing strict access controls can mitigate practical risk. Organizations using s390 should prioritize this patch during their next scheduled maintenance window but may defer if access controls are already stringent. No side effects from patching are expected; the fix adds only a speculative load barrier to syscall dispatch, which introduces negligible performance overhead on modern processors.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-24846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy