Skip to main content

Linux Kernel KVM EUVDEUVD-2026-25462

| CVE-2026-31569 HIGH
Out-of-bounds Read (CWE-125)
2026-04-24 Linux GHSA-7754-rvmq-f6w2
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

8
Re-analysis Queued
Apr 27, 2026 - 20:37 vuln.today
cvss_changed
Patch released
Apr 27, 2026 - 20:33 nvd
Patch available
Analysis Generated
Apr 27, 2026 - 15:30 vuln.today
CVSS changed
Apr 27, 2026 - 15:22 NVD
7.3 (HIGH)
Patch available
Apr 24, 2026 - 16:16 EUVD
EUVD ID Assigned
Apr 24, 2026 - 15:00 euvd
EUVD-2026-25462
Analysis Generated
Apr 24, 2026 - 15:00 vuln.today
CVE Published
Apr 24, 2026 - 14:35 nvd
HIGH 7.3

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Handle the case that EIOINTC's coremap is empty

EIOINTC's coremap in eiointc_update_sw_coremap() can be empty, currently we get a cpuid with -1 in this case, but we actually need 0 because it's similar as the case that cpuid >= 4.

This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].

AnalysisAI

Out-of-bounds memory access in Linux Kernel's KVM subsystem for LoongArch architecture allows local authenticated attackers with low privileges to read limited kernel memory and cause system crashes. The vulnerability stems from improper handling of empty EIOINTC coremap values in eiointc_update_sw_coremap(), resulting in invalid array indexing into kvm_arch::phyid_map::phys_map[]. While CVSS rates this 7.3 HIGH, the EPSS score of 0.02% (4th percentile) indicates minimal real-world exploitation activity. No active exploitation (not in CISA KEV) or public POC has been identified. Vendor patches are available across multiple stable kernel branches (6.18.21, 6.19.11, 7.0, and mainline).

Technical ContextAI

This vulnerability affects the LoongArch KVM (Kernel-based Virtual Machine) implementation's Extended I/O Interrupt Controller (EIOINTC) handling. The EIOINTC is part of LoongArch's interrupt routing architecture for virtualized environments. When eiointc_update_sw_coremap() processes an empty coremap, the code incorrectly returns a cpuid value of -1 instead of 0. This -1 value is then used as an array index into kvm_arch::phyid_map::phys_map[], causing out-of-bounds memory access. The CPE strings indicate this affects Linux kernel implementations specifically on LoongArch architecture systems with KVM enabled. The fix normalizes the empty coremap case to behave identically to the cpuid >= 4 boundary condition, returning 0 instead of -1. This is a buffer overflow variant specific to virtualization subsystem memory management, affecting kernel versions from commit 3956a52bc05b onwards until patched.

RemediationAI

Apply vendor-released kernel updates to fixed versions: 6.18.21, 6.19.11, or 7.0 and later for respective stable branches, or apply upstream commits 126053d0a685bf1f2e98db8966386f38b2336338, 2a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c3, or b97bd69eb0f67b5f961b304d28e9ba45e202d841 available at https://git.kernel.org/stable/. For systems unable to immediately patch, disable KVM functionality on LoongArch systems if virtualization is not operationally required (trade-off: eliminates virtual machine capabilities entirely). Restrict access to /dev/kvm device file to trusted administrative users only via chmod 600 /dev/kvm and review KVM-capable user group memberships (trade-off: limits legitimate virtualization use cases, does not prevent exploitation by already-privileged users). Monitor for abnormal KVM guest behavior including unexpected crashes or memory access violations via kernel logs and auditd. No configuration-level workaround exists that maintains KVM functionality while mitigating the vulnerability, making kernel update the only complete remediation.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-25462 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy