HIGHCVE-2026-31553Published Modified CNA Linux
CVE-2026-31553: KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc()
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc() Using "(u64 __user *)hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset, not hva + offset*8. ;-) Fix it.
Metrics
- CVSS v3.1
- 8.8
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
00496acc42fb51eee040b5170cec05cec413855404307e05e568782fc92eff651b09ee5dee88a058d6.19.117.0
Affected packages
- Linux / Linux< 4307e05e568782fc92eff651b09ee5dee88a058d (from f6927b41d57390c597a126063e2e518911976878) · < 0496acc42fb51eee040b5170cec05cec41385540 (from f6927b41d57390c597a126063e2e518911976878)
- Linux / Linux6.19Fixed in 0, 6.19.11, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HReferences