{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31569", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.117Z", "datePublished": "2026-04-24T14:35:48.768Z", "dateUpdated": "2026-04-27T14:04:07.997Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-27T14:04:07.997Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Handle the case that EIOINTC's coremap is empty\n\nEIOINTC's coremap in eiointc_update_sw_coremap() can be empty, currently\nwe get a cpuid with -1 in this case, but we actually need 0 because it's\nsimilar as the case that cpuid >= 4.\n\nThis fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[]."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/intc/eiointc.c"], "versions": [{"version": "3956a52bc05bd811082a3c9d2b423ee957e6fefc", "lessThan": "126053d0a685bf1f2e98db8966386f38b2336338", "status": "affected", "versionType": "git"}, {"version": "3956a52bc05bd811082a3c9d2b423ee957e6fefc", "lessThan": "2a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c3", "status": "affected", "versionType": "git"}, {"version": "3956a52bc05bd811082a3c9d2b423ee957e6fefc", "lessThan": "b97bd69eb0f67b5f961b304d28e9ba45e202d841", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/intc/eiointc.c"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/126053d0a685bf1f2e98db8966386f38b2336338"}, {"url": "https://git.kernel.org/stable/c/2a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c3"}, {"url": "https://git.kernel.org/stable/c/b97bd69eb0f67b5f961b304d28e9ba45e202d841"}], "title": "LoongArch: KVM: Handle the case that EIOINTC's coremap is empty", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Handle the case that EIOINTC's coremap is empty\n\nEIOINTC's coremap in eiointc_update_sw_coremap() can be empty, currently\nwe get a cpuid with -1 in this case, but we actually need 0 because it's\nsimilar as the case that cpuid >= 4.\n\nThis fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[]."}], "id": "CVE-2026-31569", "lastModified": "2026-04-27T15:16:12.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.7, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-04-24T15:16:31.420", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/126053d0a685bf1f2e98db8966386f38b2336338"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b97bd69eb0f67b5f961b304d28e9ba45e202d841"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty", "id": "2461444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461444"}, "csaw": false, "cwe": "CWE-823", "details": ["A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) component. When a specific internal data structure, known as EIOINTC's coremap, is empty, the system incorrectly processes a processor ID. This error can lead to an out-of-bounds memory access, meaning the system tries to read or write data beyond its allocated memory space. Such an issue could result in system instability, causing the system to crash, or potentially lead to the disclosure of sensitive information."], "name": "CVE-2026-31569", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31569\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31569\nhttps://lore.kernel.org/linux-cve-announce/2026042401-CVE-2026-31569-41ce@gregkh/T"]}