Description
In the Linux kernel, the following vulnerability has been resolved:

s390/mm: Add missing secure storage access fixups for donated memory

There are special cases where secure storage access exceptions happen
in a kernel context for pages that don't have the PG_arch_1 bit
set. That bit is set for non-exported guest secure storage (memory)
but is absent on storage donated to the Ultravisor since the kernel
isn't allowed to export donated pages.

Prior to this patch we would try to export the page by calling
arch_make_folio_accessible() which would instantly return since the
arch bit is absent signifying that the page was already exported and
no further action is necessary. This leads to secure storage access
exception loops which can never be resolved.

With this patch we unconditionally try to export and if that fails we
fixup.
Published: 2026-04-24
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (kernel)
Action: Immediate Patch
AI Analysis

Impact

The kernel is missing a fixup for secure storage access exceptions on memory donated to the Ultravisor. Donated pages do not carry the PG_arch_1 bit, so arch_make_folio_accessible() treats them as already exported and returns immediately. Because the page is not actually exported, the same secure storage access exception is raised again and can never be resolved, creating an infinite loop. The flaw is classified under CWE-125 and CWE-248 and can result in a denial of service by freezing the kernel or causing repeated panic loops.

Affected Systems

The vulnerability affects any Linux kernel that matches the listed CPEs: the generic Linux kernel, all releases from 5.7 onward, and the 7.0 release candidates 1 through 7. This covers a wide range of production systems that use the s390 architecture, as well as developers working with the 7.0 rc series.

Risk and Exploitability

The CVSS base score of 7.1 indicates a moderate-to-severe impact, while an EPSS score of less than 1% suggests that exploitation is currently unlikely but not impossible. The flaw is not included in the CISA KEV list. An attacker would need kernel-level privilege or a malicious kernel module that triggers the secure storage path on donated pages; no user-level input can trigger it. Because the failure manifests within the kernel, patching the kernel is the only definitive fix.

Generated by OpenCVE AI on April 28, 2026 at 14:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that fixes CVE-2026-31568 (upgrade to a patched release).
  • If immediate patching is not possible, disable the Ultravisor memory donation feature that supplies pages without the PG_arch_1 bit, thereby preventing the exception loop from being triggered.
  • Enable and monitor kernel logs for "secure_storage" exceptions to detect any remaining anomalies and ensure the system is not attempting to use donated memory paths.

Generated by OpenCVE AI on April 28, 2026 at 14:11 UTC.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:45:00 +0000

Weaknesses
  Added: CWE-125

CPEs
  Added:
    cpe:2.3:o:linux:linux_kernel:5.7:-:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Metrics
  Removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  Added: cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}


Sat, 25 Apr 2026 00:15:00 +0000

Weaknesses
  Added: CWE-248

References

Metrics
  Removed: threat_severity None
  Added: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  Added: threat_severity Moderate


Fri, 24 Apr 2026 15:00:00 +0000

Description
  Added: In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exceptions happen in a kernel context for pages that don't have the PG_arch_1 bit set. That bit is set for non-exported guest secure storage (memory) but is absent on storage donated to the Ultravisor since the kernel isn't allowed to export donated pages. Prior to this patch we would try to export the page by calling arch_make_folio_accessible() which would instantly return since the arch bit is absent signifying that the page was already exported and no further action is necessary. This leads to secure storage access exception loops which can never be resolved. With this patch we unconditionally try to export and if that fails we fixup.

Title
  Added: s390/mm: Add missing secure storage access fixups for donated memory

First Time appeared
  Added: Linux; Linux linux Kernel

CPEs
  Added: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendors & Products
  Added: Linux; Linux linux Kernel

References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:11:18.354Z

Reserved: 2026-03-09T15:48:24.117Z

Link: CVE-2026-31568

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-24T15:16:31.313

Modified: 2026-04-27T20:32:54.570

Link: CVE-2026-31568

Redhat

Severity: Moderate

Public Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31568 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T14:15:34Z

Weaknesses