VYPR
High severity7.8NVD Advisory· Published Apr 30, 2026· Updated May 6, 2026

CVE-2026-31786

CVE-2026-31786

Description

In the Linux kernel, the following vulnerability has been resolved:

Buffer overflow in drivers/xen/sys-hypervisor.c

The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string.

The first causes a buffer overflow as sprintf in buildid_show will read and copy till it finds a NUL.

00000000 f4 91 51 f4 dd 38 9e 9d 65 47 52 eb 10 71 db 50 |..Q..8..eGR..q.P| 00000010 b9 a8 01 42 6f 2e 32 |...Bo.2| 00000017

So use a memcpy instead of sprintf to have the correct value:

00000000 f4 91 51 f4 dd 00 9e 9d 65 47 52 eb 10 71 db 50 |..Q.....eGR..q.P| 00000010 b9 a8 01 42 |...B| 00000014

(the above have a hack to embed a zero inside and check it's returned correctly).

This is XSA-485 / CVE-2026-31786

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

91

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.