CVE-2026-31569 PUBLISHED

LoongArch: KVM: Handle the case that EIOINTC's coremap is empty

Assigner: Linux
Reserved: 09.03.2026 Published: 24.04.2026 Updated: 24.04.2026

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Handle the case that EIOINTC's coremap is empty

EIOINTC's coremap in eiointc_update_sw_coremap() can be empty, currently we get a cpuid with -1 in this case, but we actually need 0 because it's similar as the case that cpuid >= 4.

This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 3956a52bc05bd811082a3c9d2b423ee957e6fefc to 126053d0a685bf1f2e98db8966386f38b2336338 (excl.) affected from 3956a52bc05bd811082a3c9d2b423ee957e6fefc to 2a0cbcd28ecf6e0b88fa498bebb94bd1be61a7c3 (excl.) affected from 3956a52bc05bd811082a3c9d2b423ee957e6fefc to b97bd69eb0f67b5f961b304d28e9ba45e202d841 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.13 is affected unaffected from 0 to 6.13 (excl.) unaffected from 6.18.21 to 6.18.* (incl.) unaffected from 6.19.11 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-31569 PUBLISHED

LoongArch: KVM: Handle the case that EIOINTC's coremap is empty

Product Status

References