CVE-2026-31553 PUBLISHED

KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc()

Assigner: Linux
Reserved: 09.03.2026 Published: 24.04.2026 Updated: 24.04.2026

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc()

Using "(u64 __user )hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset, not hva + offset8. ;-)

Fix it.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from f6927b41d57390c597a126063e2e518911976878 to 4307e05e568782fc92eff651b09ee5dee88a058d (excl.) affected from f6927b41d57390c597a126063e2e518911976878 to 0496acc42fb51eee040b5170cec05cec41385540 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.19 is affected unaffected from 0 to 6.19 (excl.) unaffected from 6.19.11 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-31553 PUBLISHED

KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc()

Product Status

References