CVE-2026-31568
Description
In the Linux kernel, the following vulnerability has been resolved:
s390/mm: Add missing secure storage access fixups for donated memory
There are special cases where secure storage access exceptions happen in a kernel context for pages that don't have the PG_arch_1 bit set. That bit is set for non-exported guest secure storage (memory) but is absent on storage donated to the Ultravisor since the kernel isn't allowed to export donated pages.
Prior to this patch we would try to export the page by calling arch_make_folio_accessible() which would instantly return since the arch bit is absent signifying that the page was already exported and no further action is necessary. This leads to secure storage access exception loops which can never be resolved.
With this patch we unconditionally try to export and if that fails we fixup.
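A user-space C model of the two handler paths described above, added here as an illustration; it is not kernel code and not the patch itself. The struct, the function names and the bounded replay count are assumptions; only PG_arch_1 and the before/after behaviour come from the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one page; all names here are illustrative. */
struct model_page {
    bool pg_arch_1; /* models PG_arch_1: non-exported guest secure storage */
    bool secure;    /* still secure, so a kernel access raises the exception */
    bool donated;   /* donated to the Ultravisor: kernel may not export it */
};

enum outcome { RESOLVED, FIXED_UP, LOOPING };

/* Models the export attempt, which cannot succeed on donated storage. */
static int model_export(struct model_page *p)
{
    if (p->donated)
        return -1;
    p->secure = p->pg_arch_1 = false;
    return 0;
}

/* Pre-patch: the export is skipped whenever the arch bit is absent. */
static int handle_before(struct model_page *p)
{
    return p->pg_arch_1 ? model_export(p) : 0; /* 0 = "already exported" */
}

/* Replay the faulting access until it resolves or max_faults is reached. */
static enum outcome run(struct model_page p, bool patched, int max_faults)
{
    for (int i = 0; i < max_faults && p.secure; i++) {
        if (!patched)
            handle_before(&p);      /* pre-patch handler */
        else if (model_export(&p))  /* post-patch: always try to export */
            return FIXED_UP;        /* export failed: fix up instead */
    }
    return p.secure ? LOOPING : RESOLVED;
}

int main(void)
{
    static const char *name[] = { "resolved", "fixed up", "still faulting" };
    struct model_page donated = { false, true, true };
    struct model_page guest = { true, true, false };

    printf("donated, pre-patch:  %s\n", name[run(donated, false, 1000)]);
    printf("donated, post-patch: %s\n", name[run(donated, true, 1000)]);
    printf("guest,   pre-patch:  %s\n", name[run(guest, false, 1000)]);
    return 0;
}
```

In the model the pre-patch handler leaves the donated page faulting after every replay, while the post-patch path ends on the first exception by falling back to the fixup.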
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Secure storage access exception handling in s390 kernel lacks fixup for donated memory, leading to infinite loops and denial of service.
In the Linux kernel's s390 architecture, a vulnerability exists in the memory management subsystem where secure storage access exceptions occurring on storage donated to the Ultravisor are not properly handled. Pages donated to the Ultravisor lack the PG_arch_1 bit, which normally indicates non-exported guest secure storage. The kernel attempted to handle these exceptions by calling arch_make_folio_accessible(), but since the bit is absent, the function returns immediately without performing any action, leading to an infinite loop of unresolved exceptions [1], [2], [3].
This flaw can be triggered in kernel contexts when the system encounters a secure storage access exception for donated memory. No special privileges are required beyond access to the affected system, but the attack surface relies on conditions that cause such exceptions on pages without PG_arch_1. The vulnerability is local, requiring the ability to induce a secure storage access, possibly through interaction with the Ultravisor.
An attacker able to trigger the vulnerability can cause the kernel to enter an infinite loop, resulting in a system hang and effectively a denial of service (DoS). The CVSS score of 7.1 (High) reflects the availability impact with no confidentiality or integrity compromise.
The vulnerability has been fixed in the Linux kernel stable releases with commits [1], [2], and [3]. Users are advised to update to the latest kernel versions that include these patches.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=5.7.1, <6.18.21)
- cpe:2.3:o:linux:linux_kernel:5.7:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- (no CPE)
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.