Description
In the Linux kernel, the following vulnerability has been resolved:

s390/syscalls: Add spectre boundary for syscall dispatch table

The s390 syscall number is directly controlled by userspace, but does
not have an array_index_nospec() boundary to prevent access past the
syscall function pointer tables.
Published: 2026-04-22
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: Spectre-based data disclosure via out-of-bounds syscall dispatch
Action: Patch ASAP
AI Analysis

Impact

A flaw in the Linux kernel’s s390 architecture allows a userspace process to control the syscall number and bypass an array_index_nospec boundary, enabling a speculative execution path that can read arbitrary kernel memory. This results in a confidentiality compromise consistent with a Spectre variant, allowing an attacker to potentially expose sensitive information such as passwords, cryptographic keys, or other memory contents. The vulnerability is a classic out‑of‑bounds read that can be exploited through speculative execution to leak data to the attacker without modifying the kernel state.

Affected Systems

All Linux kernel versions running on the s390 architecture are affected because no version information is specified. The issue applies to the generic Linux kernel on s390, regardless of distribution, until the patch adding a spectre boundary is incorporated.

Risk and Exploitability

The CVSS score is not provided and the EPSS score is unavailable, but the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local: any userspace process on an s390 system can pass a crafted syscall number to trigger the out‑of‑bounds access. Because the flaw relies on speculative execution and lacks proper bounds checks, it is considered a high‑risk vulnerability until a kernel update is applied.

Generated by OpenCVE AI on April 22, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel release that includes the patch adding a Spectre boundary to the s390 syscall dispatch table.
  • If an immediate kernel upgrade is not possible, apply a manual patch to the kernel source adding an array_index_nospec() check around the s390 syscall dispatch logic before compiling.
  • Enable all generic kernel Spectre mitigations (e.g., CONFIG_X86_INTEL_NOTRACK or equivalent) to reduce the exploitation probability while waiting for the official patch.

Generated by OpenCVE AI on April 22, 2026 at 18:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1285
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 22 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-20

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boundary for syscall dispatch table The s390 syscall number is directly controlled by userspace, but does not have an array_index_nospec() boundary to prevent access past the syscall function pointer tables.
Title s390/syscalls: Add spectre boundary for syscall dispatch table
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-22T13:54:09.561Z

Reserved: 2026-03-09T15:48:24.101Z

Link: CVE-2026-31483

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T14:16:45.627

Modified: 2026-04-23T16:17:41.280

Link: CVE-2026-31483

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31483 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T19:00:08Z

Weaknesses