CVE-2026-31786
Description
In the Linux kernel, the following vulnerability has been resolved:
Buffer overflow in drivers/xen/sys-hypervisor.c
The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string.
The first causes a buffer overflow as sprintf in buildid_show will read and copy till it finds a NUL.
00000000 f4 91 51 f4 dd 38 9e 9d 65 47 52 eb 10 71 db 50 |..Q..8..eGR..q.P| 00000010 b9 a8 01 42 6f 2e 32 |...Bo.2| 00000017
So use a memcpy instead of sprintf to have the correct value:
00000000 f4 91 51 f4 dd 00 9e 9d 65 47 52 eb 10 71 db 50 |..Q.....eGR..q.P| 00000010 b9 a8 01 42 |...B| 00000014
(the above have a hack to embed a zero inside and check it's returned correctly).
This is XSA-485 / CVE-2026-31786
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
91- osv-coords88 versionspkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-aws-6.18pkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-azure-6.18pkg:apk/chainguard/linux-gcp-6.12pkg:apk/chainguard/linux-gcp-6.18pkg:apk/chainguard/linux-qemu-6.12pkg:apk/chainguard/linux-qemu-6.18pkg:apk/chainguard/linux-qemu-rcpkg:apk/chainguard/linux-vmware-6.12pkg:apk/chainguard/linux-vmware-6.18pkg:rpm/almalinux/bpftoolpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-modules-extra-matchedpkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rvpkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed
< 6.12.85-r2+ 87 more
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.12.89-r0
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.12.89-r0
- (no CPE)range: < 6.18.24-r3
- (no CPE)range: < 7.1_rc3-r0
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 4.18.0-553.134.1.el8_10
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 6.12.0-211.26.1.el10_2
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 5.14.0-687.13.1.el9_8
- (no CPE)range: < 7.0.3-1.1
Patches
Vulnerability mechanics
References
10- git.kernel.org/stable/c/27fdbab4221b375de54bf91919798d88520c6e28nvdPatch
- git.kernel.org/stable/c/4b4defd2fce3f966c25adabf46644a85558f1169nvdPatch
- git.kernel.org/stable/c/52cecff98bda2c51eed1c6ce9d21c5d6268fb19dnvdPatch
- git.kernel.org/stable/c/5c5ff7c7bd15bb536f44b10b3fb5b8408f344d0anvdPatch
- git.kernel.org/stable/c/8288d031a01dbacfde3fc643f7be3d23504de64dnvdPatch
- git.kernel.org/stable/c/d5f59216650c51e5e3fcb7517c825bc8047f60efnvdPatch
- git.kernel.org/stable/c/e3af585e1728c917682b6a3de9a69b41fb9194d4nvdPatch
- git.kernel.org/stable/c/f458ba102da97fafca106327086fc95f3fc764cbnvdPatch
- www.openwall.com/lists/oss-security/2026/04/28/12nvdMailing ListThird Party Advisory
- xenbits.xen.org/xsa/advisory-485.htmlnvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.