CVE-2026-31588 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 27, 2026
Linux Kernel KVM - Use After Free
Published: April 24, 2026Updated: April 27, 2026
Overview
Linux kernel KVM x86 contains a use-after-free vulnerability caused by referencing on-stack variables during split MMIO writes across page boundaries, letting attackers cause memory corruption, exploit requires MMIO page split with on-stack source variable.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can cause use-after-free memory corruption, potentially leading to system instability or arbitrary code execution.
Mitigation
Update to the latest Linux kernel version containing the KVM fix for MMIO fragment scratch field usage.
References
- https://git.kernel.org/stable/c/b5a02d37eb0739f462fa12df449ab9b3480c783b
- https://git.kernel.org/stable/c/0b16e69d17d8c35c5c9d5918bf596c75a44655d3
- https://git.kernel.org/stable/c/dc6a6c3db3a4eca7e747cfc46e22c08d016c68f7
- https://git.kernel.org/stable/c/22d2ff69d487a32a8b88f9c970120fc2daa08a77
- https://git.kernel.org/stable/c/2b83d91e9ae92fe1258d7040a32430bbb3bb7d6e
- https://git.kernel.org/stable/c/3a7b6d75c8f85b09dea893f64a85a356bcf6c3fe
Related Resources
Details
- CVE ID
- CVE-2026-31588
- Severity
- High
- CVSS Score
- 8.8
- Type
- use_after_free
- Status
- unconfirmed
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H