CVE-2026-31569

HIGH

LoongArch: KVM: Handle the case that EIOINTC's coremap is empty

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty EIOINTC's coremap in eiointc_update_sw_coremap() can be empty, currently we get a cpuid with -1 in this case, but we actually need 0 because it's similar as the case that cpuid >= 4. This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].

References (3)

https://git.kernel.org/stable/c/126053d0a685bf1f2e98db8966386f38b2336338

https://git.kernel.org/stable/c/2a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c3

https://git.kernel.org/stable/c/b97bd69eb0f67b5f961b304d28e9ba45e202d841

Scores

CVSS v3 7.3

EPSS 0.0001

EPSS Percentile 2.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

Details

CWE

CWE-125

Status published

Products (11)

Linux/Linux < 6.13

Linux/Linux 3956a52bc05bd811082a3c9d2b423ee957e6fefc - 126053d0a685bf1f2e98db8966386f38b2336338

Linux/Linux 3956a52bc05bd811082a3c9d2b423ee957e6fefc - 2a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c3

Linux/Linux 3956a52bc05bd811082a3c9d2b423ee957e6fefc - b97bd69eb0f67b5f961b304d28e9ba45e202d841

Linux/Linux 6.13

Linux/Linux 6.18.21 - 6.18.*

Linux/Linux 6.19.11 - 6.19.*

Linux/Linux 7.0

linux/linux_kernel 6.13

linux/linux_kernel 7.0 rc1 (7 CPE variants)

... and 1 more

Published Apr 24, 2026

Tracked Since Apr 24, 2026