HIGHCVE-2026-31569Published Modified CNA Linux
CVE-2026-31569: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty EIOINTC's coremap in eiointc_update_sw_coremap() can be empty, currently we get a cpuid with -1 in this case, but we actually need 0 because it's similar as the case that cpuid >= 4. This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].
Metrics
- CVSS v3.1
- 7.3
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
0126053d0a685bf1f2e98db8966386f38b23363382a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c36.18.216.19.117.0b97bd69eb0f67b5f961b304d28e9ba45e202d841
Affected packages
- Linux / Linux< 126053d0a685bf1f2e98db8966386f38b2336338 (from 3956a52bc05bd811082a3c9d2b423ee957e6fefc) · < 2a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c3 (from 3956a52bc05bd811082a3c9d2b423ee957e6fefc) · < b97bd69eb0f67b5f961b304d28e9ba45e202d841 (from 3956a52bc05bd811082a3c9d2b423ee957e6fefc)
- Linux / Linux6.13Fixed in 0, 6.18.21, 6.19.11, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H