Description
In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()

In function kvm_eiointc_regs_access(), the register base address is
calculated from array base address plus offset, the offset is absolute
value from the base address. The data type of array base address is
u64, it should be converted into the "void *" type and then plus the
offset.
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Patch Now
AI Analysis

Impact

In the LoongArch KVM implementation of the Linux kernel, the base address for a register in kvm_eiointc_regs_access() is calculated incorrectly. The function adds an offset directly to a 64‑bit base address value instead of first converting the base address to a pointer type, resulting in a type misuse categorized as CWE‑681. This incorrect calculation can lead to the use of out‑of‑bounds memory addresses, potentially corrupting kernel memory and causing instability such as kernel panics.
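
The effect of adding a byte offset to a u64-typed array base, as described above, shown in a stand-alone user-space example. This is added here and is not the kernel's code: the 32-byte register bank, the `mem` array and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BANK_WORDS 4   /* constructed layout: 4 x u64 = 32 bytes of registers */
#define BANK_BYTES (BANK_WORDS * sizeof(uint64_t))
#define MEM_WORDS  32  /* the bank, followed by unrelated state */

static uint64_t mem[MEM_WORDS];  /* hypothetical device state, bank at mem[0..3] */

/* Typed arithmetic: a byte offset added to a u64 pointer is scaled by 8. */
static void *addr_scaled(uint64_t *base, size_t byte_off)
{
    return base + byte_off;
}

/* Byte arithmetic: convert the base first, then add the offset. The description's
 * fix uses "void *" (a GNU extension); unsigned char * is the portable equivalent. */
static void *addr_bytes(uint64_t *base, size_t byte_off)
{
    return (unsigned char *)base + byte_off;
}

/* Bytes between the start of the bank and a computed address. */
static size_t distance(const uint64_t *base, const void *p)
{
    return (size_t)((const unsigned char *)p - (const unsigned char *)base);
}

/* Does a len-byte access at p stay inside the register bank? */
static int in_bank(const uint64_t *base, const void *p, size_t len)
{
    return distance(base, p) + len <= BANK_BYTES;
}

/* Store 32 bits at byte offset 4 both ways; returns 1 if both words changed. */
static int demo(void)
{
    uint32_t val = 0xdeadbeefu;

    memset(mem, 0, sizeof(mem));
    memcpy(addr_bytes(mem, 4), &val, sizeof(val));   /* lands in mem[0] */
    memcpy(addr_scaled(mem, 4), &val, sizeof(val));  /* lands in mem[4], past the bank */
    printf("bytes: +%zu  scaled: +%zu\n", distance(mem, addr_bytes(mem, 4)),
           distance(mem, addr_scaled(mem, 4)));
    return mem[0] != 0 && mem[BANK_WORDS] != 0;
}

int main(void) { return demo() ? 0 : 1; }
```

With the typed pointer, the store for byte offset 4 lands 32 bytes from the base, in the word that follows the bank.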

Affected Systems

The flaw affects Linux kernel version 6.19 and all 7.0 release candidates up to and including 7.0‑rc7 when running on LoongArch hardware with the KVM hypervisor. Systems running these kernel releases remain affected until they run a kernel that includes the patch.

Risk and Exploitability

With a CVSS score of 5.5 the vulnerability is of moderate severity. The EPSS score is below 1 %, indicating a low likelihood of exploitation at present, and the flaw is not listed in CISA’s KEV catalog. Based on the description, it is inferred that exploiting the bug would require access to the vulnerable KVM subsystem and the ability to influence the address calculation, implying a local or privileged context rather than a wide‑range remote attack vector. The primary risk remains kernel memory corruption and potential system instability.

Generated by OpenCVE AI on April 28, 2026 at 14:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fixed base‑address calculation for LoongArch KVM.
  • Ensure that all KVM virtual machines boot with the updated kernel image so the vulnerable code path is not exercised.
  • If a kernel upgrade is not immediately feasible, monitor the system for signs of kernel instability or abnormal memory corruption and plan a rapid update as soon as possible.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Sat, 25 Apr 2026 00:15:00 +0000


Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access() In function kvm_eiointc_regs_access(), the register base address is calculated from array base address plus offset, the offset is absolute value from the base address. The data type of array base address is u64, it should be converted into the "void *" type and then plus the offset.
Title LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:11:13.366Z

Reserved: 2026-03-09T15:48:24.117Z

Link: CVE-2026-31564

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-24T15:16:30.850

Modified: 2026-04-27T20:31:10.233

Link: CVE-2026-31564

Redhat

Severity:

Public Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31564 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T14:15:34Z
