Cyber Resilience

CVE-2026-31558

High

Published: 24 April 2026

Published
24 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0013 2.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-31558 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31558 is a vulnerability in the Linux kernel's LoongArch KVM implementation. The issue affects the kvm_get_vcpu_by_cpuid() function, which takes an int cpuid parameter that can be negative, resulting in an out-of-bounds access to kvm_arch::phyid_map::phys_map[]. This corresponds to CWE-125 (Out-of-bounds Read) and has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows high-impact consequences across confidentiality, integrity, and availability (C:H/I:H/A:H), with a changed scope (S:C) that enables the attacker to affect resources beyond the vulnerable component, such as escalating privileges or causing kernel crashes within a LoongArch KVM environment.

Mitigation involves applying patches from Linux kernel stable releases, as detailed in the following commit references: https://git.kernel.org/stable/c/2db06c15d8c7a0ccb6108524e16cd9163753f354, https://git.kernel.org/stable/c/47857b05bd50db01e211a1b6f513d57901cd3e6b, https://git.kernel.org/stable/c/596c3f8069c4792f22fce8c4452f44410032d910, and https://git.kernel.org/stable/c/878cf6acb4fd8ab4126cf9d369a5bb0e23123418. These commits modify kvm_get_vcpu_by_cpuid() to return NULL for negative cpuid values, preventing the out-of-bounds access. Security practitioners should update affected LoongArch KVM systems promptly.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust kvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvm_get_vcpu_by_cpuid() return NULL for this case so as to…

more

make it more robust. This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

OOB read in LoongArch KVM kernel code directly enables local exploitation for privilege escalation (T1068) with scope change and kernel crashes/DoS (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31742Same product: Linux Linux Kernel
CVE-2026-31442Same product: Linux Linux Kernel
CVE-2025-21647Same product: Linux Linux Kernel
CVE-2024-57982Same product: Linux Linux Kernel
CVE-2022-49515Same product: Linux Linux Kernel
CVE-2025-71101Same product: Linux Linux Kernel
CVE-2022-49551Same product: Linux Linux Kernel
CVE-2026-31569Same product: Linux Linux Kernel
CVE-2022-49250Same product: Linux Linux Kernel
CVE-2026-23076Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.10, 7.0 · 6.10.1 — 6.12.80 · 6.13 — 6.18.21 · 6.19 — 6.19.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2026-31558 by requiring timely patching of the Linux kernel to add bounds checking in kvm_get_vcpu_by_cpuid() and prevent out-of-bounds access.

detect

Identifies systems vulnerable to CVE-2026-31558 through vulnerability scanning targeted at LoongArch KVM kernel versions.

detect

Monitors for exploitation indicators such as anomalous kernel behavior or out-of-bounds access attempts in LoongArch KVM environments.

References