Description
In the Linux kernel, the following vulnerability has been resolved:

s390/syscalls: Add spectre boundary for syscall dispatch table

The s390 syscall number is directly controlled by userspace, but does
not have an array_index_nospec() boundary to prevent access past the
syscall function pointer tables.
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out‑of‑bounds read of the syscall dispatch table
Action: Patch
AI Analysis

Impact

The Linux kernel for the s390 architecture contains an unchecked syscall number that can be supplied directly by userspace. Because no array_index_nospec boundary is applied, a crafted syscall number may result in an out‑of‑bounds read of the syscall function pointer table. While the CVE description does not confirm that an attacker can read arbitrary kernel memory, the missing boundary check allows data outside the intended table to be accessed, and based on the description it is inferred that this could potentially expose information to the process owning the crafted request.

Affected Systems

Linux kernel builds for the s390 platform from version 5.12 onward, including the 7.0 release candidates, are affected until the patch that adds the spectre boundary is merged. No other architectures or kernel releases are listed as impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of < 1 % denotes a very low likelihood of exploitation, and the vulnerability is not present in the CISA KEV catalog. The attack is feasible from any userspace process on an s390 system, which can supply a crafted syscall number to trigger the out‑of‑bounds read. The CVE data does not provide evidence that the read leads to a broader data disclosure, but based on the description it is inferred that the out‑of‑bounds region could contain sensitive kernel data, making disclosure possible.

Generated by OpenCVE AI on April 29, 2026 at 03:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a release that incorporates the patch adding the spectre boundary to the s390 syscall dispatch logic.
  • If a kernel upgrade is temporarily unavailable, patch the kernel source by inserting an array_index_nospec() check around the s390 syscall dispatch logic, then recompile and reinstall the kernel.
  • Enable any generic Spectre mitigations supported on s390 (such as SPEC_STORE_BYPASS), and ensure that kernel hardening options and workload isolation mechanisms (e.g., SELinux, AppArmor) remain active to reduce the impact if exploitation occurs.
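
The array_index_nospec() boundary named in the description and in the second recommended action works by clamping the index with branch-free arithmetic after the ordinary range check. The block below is an added user-space model of that pattern, not the kernel patch or any s390 code; the table, the handlers, NR_SYSCALLS and the helper names index_mask_nospec, clamp_index and dispatch are constructed for illustration.

```c
/* Added example: user-space model of a syscall dispatch with a Spectre
 * boundary. Table, handlers and NR_SYSCALLS are constructed, not s390 code. */
#include <limits.h>
#include <stdio.h>

#define NR_SYSCALLS 4UL
#define ENOSYS_RET  (-38L)              /* -ENOSYS on Linux */
#define LONG_BITS   (sizeof(unsigned long) * CHAR_BIT)

typedef long (*sys_fn)(void);
static long sys_zero(void)  { return 100; }
static long sys_one(void)   { return 101; }
static long sys_two(void)   { return 102; }
static long sys_three(void) { return 103; }
static const sys_fn sys_table[NR_SYSCALLS] = { sys_zero, sys_one, sys_two, sys_three };

/* All-ones when index < size, zero otherwise, computed without a branch so
 * there is nothing for the branch predictor to get wrong. Same arithmetic
 * idea as the kernel's generic array_index_mask_nospec(); size <= LONG_MAX. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    __asm__ volatile("" : "+r"(index));  /* keep the compiler from folding the mask away */
    return 0UL - (~(index | (size - 1UL - index)) >> (LONG_BITS - 1));
}

/* Model of array_index_nospec(): in-range indexes pass, others become 0. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

static long dispatch(unsigned long nr)
{
    if (nr >= NR_SYSCALLS)                /* architectural check; may be mispredicted */
        return ENOSYS_RET;
    nr = clamp_index(nr, NR_SYSCALLS);    /* holds even on the speculative path */
    return sys_table[nr]();
}

int main(void)
{
    unsigned long samples[] = { 0, 3, 4, ULONG_MAX };  /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("nr=%lu clamp=%lu ret=%ld\n", samples[i],
               clamp_index(samples[i], NR_SYSCALLS), dispatch(samples[i]));
    return 0;
}
```

Because the clamp is a data dependency rather than a branch, an out-of-range number resolves to slot 0 of the table even if the range check is speculatively bypassed.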


Advisories
Source        ID            Title
Debian DLA    DLA-4561-1    linux-6.1 security update
Debian DSA    DSA-6238-1    linux security update
Debian DSA    DSA-6243-1    linux security update

History

Wed, 29 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-20

Tue, 28 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1285
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 22 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-20

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boundary for syscall dispatch table The s390 syscall number is directly controlled by userspace, but does not have an array_index_nospec() boundary to prevent access past the syscall function pointer tables.
Title s390/syscalls: Add spectre boundary for syscall dispatch table
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:09:36.271Z

Reserved: 2026-03-09T15:48:24.101Z

Link: CVE-2026-31483

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-22T14:16:45.627

Modified: 2026-04-28T13:40:13.473

Link: CVE-2026-31483

Red Hat

Severity: Moderate

Public Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31483 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T03:30:15Z