CVE-2026-31558 PUBLISHED

LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust

Assigner: Linux
Reserved: 09.03.2026 Published: 24.04.2026 Updated: 24.04.2026

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust

kvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvm_get_vcpu_by_cpuid() return NULL for this case so as to make it more robust.

This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 73516e9da512adc63ba3859fbd82a21f6257348f to 596c3f8069c4792f22fce8c4452f44410032d910 (excl.) affected from 73516e9da512adc63ba3859fbd82a21f6257348f to 878cf6acb4fd8ab4126cf9d369a5bb0e23123418 (excl.) affected from 73516e9da512adc63ba3859fbd82a21f6257348f to 47857b05bd50db01e211a1b6f513d57901cd3e6b (excl.) affected from 73516e9da512adc63ba3859fbd82a21f6257348f to 2db06c15d8c7a0ccb6108524e16cd9163753f354 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.10 is affected unaffected from 0 to 6.10 (excl.) unaffected from 6.12.80 to 6.12.* (incl.) unaffected from 6.18.21 to 6.18.* (incl.) unaffected from 6.19.11 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-31558 PUBLISHED

LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust

Product Status

References