CVE-2026-31483
Description
In the Linux kernel, the following vulnerability has been resolved:
s390/syscalls: Add spectre boundary for syscall dispatch table
The s390 syscall number is directly controlled by userspace, but does not have an array_index_nospec() boundary to prevent access past the syscall function pointer tables.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The s390 syscall dispatch table lacks an array_index_nospec() boundary, allowing speculative out-of-bounds access via userspace-controlled syscall numbers.
Vulnerability
The s390 architecture's syscall dispatch table does not use array_index_nospec() to bound the syscall number, which is directly controlled by userspace. This missing speculation barrier could allow an attacker to speculatively access memory beyond the syscall function pointer tables.
Exploitation
An unprivileged local user can invoke a syscall with a crafted number that, during speculative execution, may bypass bounds checks and read or jump to arbitrary kernel addresses. No special privileges are required beyond the ability to execute syscalls.
Impact
Successful exploitation could lead to information disclosure (reading kernel memory) or potentially control flow hijacking via speculative execution, similar to Spectre variant 1 attacks. The CVSS score of 5.5 reflects a medium severity.
Mitigation
The fix adds array_index_nospec() to the syscall dispatch path. Patches have been applied to the stable kernel trees as seen in commits [1], [2], [3], [4]. Users should update to kernels containing these fixes.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.12.1,<5.15.203
- cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- git.kernel.org/stable/c/1cb9c7bc9025c637564fabc7fcc3c9343949e310nvdPatch
- git.kernel.org/stable/c/3c3b97064764899c39a0abbd35a6caa031e70333nvdPatch
- git.kernel.org/stable/c/48b8814e25d073dd84daf990a879a820bad2bcbdnvdPatch
- git.kernel.org/stable/c/4d05dd18d867d58c6952a3bc260d244899da7256nvdPatch
- git.kernel.org/stable/c/7a5260fbc6e79a1595328ec5c6aa3f937504a1f0nvdPatch
- git.kernel.org/stable/c/87776f02449e3bded95b2ccbd6b012e9ae64e6f3nvdPatch
- git.kernel.org/stable/c/f8c444b918d639e1f9a621ee20fe481c1d10dfc4nvdPatch
News mentions
0No linked articles in our index yet.