VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026

CVE-2026-31564

CVE-2026-31564

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()

In function kvm_eiointc_regs_access(), the register base address is caculated from array base address plus offset, the offset is absolute value from the base address. The data type of array base address is u64, it should be converted into the "void *" type and then plus the offset.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, a pointer arithmetic bug in LoongArch KVM's eiointc register access function may cause incorrect memory access.

A vulnerability has been discovered in the Linux kernel affecting the LoongArch KVM implementation. In the function kvm_eiointc_regs_access(), the register base address calculation is performed incorrectly. The code computes an offset from an array base address, but fails to cast the base address (a u64 value) to a void * pointer before adding the offset [1]. This results in the offset being applied to the integer representation rather than the memory address, causing the function to access the wrong memory location [1].

Exploitation

To exploit this bug, an attacker would require the ability to trigger the affected code path within a LoongArch KVM guest, which typically involves accessing certain emulated device registers. The vulnerability does not require special privileges beyond those needed to interact with the KVM virtual device [1]. The attacker must be able to influence the register offset that is passed to kvm_eiointc_regs_access() [1].

Impact

An incorrect base address calculation could cause the KVM hypervisor to read or write to unintended memory locations. This may lead to information disclosure (reading sensitive kernel data) or a denial of service (crash or corruption of kernel structures) [1]. The CVSS v3 score of 5.5 (Medium) reflects the potential for moderate impact with local access required.

Mitigation

The fix is included in the Linux kernel stable trees, as committed in [1]. System administrators should apply the latest kernel updates to ensure the corrected pointer arithmetic is in place. No workarounds are documented, but the vulnerability is patched.

References
  1. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • Linux/Kernel9 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.19.1,<6.19.11
    • cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.