CVE-2026-31553HIGH 8.8EPSS p2.2%

CVE-2026-31553CVE-2026-31553

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc() Using "(u64 __user *)hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset, not hva + offset*8. ;-) Fix it.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS0.12% probability of exploitation · percentile 2.2% · 2026-06-19T12:03:05Z
Published2026-04-24
Last modified2026-04-27

References

  1. https://git.kernel.org/stable/c/0496acc42fb51eee040b5170cec05cec41385540
  2. https://git.kernel.org/stable/c/4307e05e568782fc92eff651b09ee5dee88a058d

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-31558
CVE
CVE-2026-46317
CVE
CVE-2026-31588
CVE
CVE-2026-31590
CVE
CVE-2026-46147
CVE
CVE-2023-53292
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.