CVE-2026-31482
Description
In the Linux kernel, the following vulnerability has been resolved:
s390/entry: Scrub r12 register on kernel entry
Before commit f33f2d4c7c80 ("s390/bp: remove TIF_ISOLATE_BP"), all entry handlers loaded r12 with the current task pointer (lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros. That commit removed TIF_ISOLATE_BP, dropping both the branch prediction macros and the r12 load, but did not add r12 to the register clearing sequence.
Add the missing xgr %r12,%r12 to make the register scrub consistent across all entry points.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing register scrub of r12 in s390 kernel entry could leak sensitive data; fixed by adding xgr %r12,%r12.
Vulnerability
CVE-2026-31482 is a missing register clearing vulnerability in the Linux kernel's s390 architecture. Before commit f33f2d4c7c80 ("s390, all kernel entry handlers loaded the r12 register with the current task pointer (via lg %r12,__LC_CURRENT) for use by branch prediction macros (BPENTER/BPEXIT). That commit removed the TIF_ISOLATE_BP feature, dropping both the branch prediction macros and the r12 load, but did not add r12 to the register clearing sequence. This oversight means that on kernel entry, r12 may retain stale data from the previous execution context, potentially leaking sensitive information.
Exploitation
Exploitation
An attacker with local access and the ability to observe or influence kernel entry points could potentially exploit this information leak. The vulnerability is present in all s390 kernel entry paths that were previously loading r12 but no longer clear it. No special privileges are required beyond local access, as the leak occurs during normal kernel entry operations.
Impact
The primary impact is information disclosure. The r12 register may contain kernel pointers or other sensitive data from the previous context, which could be observed by an attacker. This could aid in bypassing kernel address space layout randomization (KASLR) or other security mechanisms. The CVSS v3 score of 5.5 (Medium) reflects the local attack vector and potential for information disclosure.
Mitigation
The fix adds xgr %r12,%r12 to the register clearing sequence, ensuring r12 is zeroed on every kernel entry. The patch has been applied to the stable kernel tree [1][2][3][4]. Users should update to a kernel version containing this commit to mitigate the vulnerability.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.4.1,<6.6.131
- cpe:2.3:o:linux:linux_kernel:6.4:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/0738d395aab8fae3b5a3ad3fc640630c91693c27nvdPatch
- git.kernel.org/stable/c/7f4e3233faa8470dd0627bc49b2809f2bfebd909nvdPatch
- git.kernel.org/stable/c/95c899cd791803a5bf7b73e5994fbbe1cc1a9c36nvdPatch
- git.kernel.org/stable/c/99a8b420f3f0e162eb9c9c9253929d4d23f9bd30nvdPatch
- git.kernel.org/stable/c/a58d298a83a3a9b7ca99ded9d60a1e77231159efnvdPatch
News mentions
0No linked articles in our index yet.