Home / Vulnerability Intelligence / CVE-2026-31558

CVE-2026-31558 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 27, 2026

Linux Kernel - Out of Bounds Read/Write

Published: April 24, 2026Updated: April 27, 2026

Overview

Linux kernel contains an out-of-bounds access vulnerability in kvm_get_vcpu_by_cpuid() due to lack of validation for negative cpuid values, letting attackers cause memory corruption, exploit requires crafted cpuid input.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Attackers can cause out-of-bounds memory access leading to potential system instability or denial of service.

Mitigation

Update to the latest Linux kernel version containing the fix.

References

https://git.kernel.org/stable/c/2db06c15d8c7a0ccb6108524e16cd9163753f354
https://git.kernel.org/stable/c/47857b05bd50db01e211a1b6f513d57901cd3e6b
https://git.kernel.org/stable/c/596c3f8069c4792f22fce8c4452f44410032d910
https://git.kernel.org/stable/c/878cf6acb4fd8ab4126cf9d369a5bb0e23123418

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31558
Severity: High
CVSS Score: 8.8
Type: out_of_bounds_rw
Status: unconfirmed

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H