CVE-2026-31553

high

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc() Using "(u64 __user *)hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset, not hva + offset*8. ;-) Fix it.

References

https://git.kernel.org/stable/c/4307e05e568782fc92eff651b09ee5dee88a058d

https://git.kernel.org/stable/c/0496acc42fb51eee040b5170cec05cec41385540

Details

Source: Mitre, NVD

Published: 2026-04-24

Updated: 2026-04-27

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018