{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31601", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.121Z", "datePublished": "2026-04-24T14:42:25.287Z", "dateUpdated": "2026-04-24T14:42:25.287Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-24T14:42:25.287Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/xe: Reorganize the init to decouple migration from reset\n\nAttempting to issue reset on VF devices that don't support migration\nleads to the following:\n\n BUG: unable to handle page fault for address: 00000000000011f8\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 2 UID: 0 PID: 7443 Comm: xe_sriov_flr Tainted: G S U 7.0.0-rc1-lgci-xe-xe-4588-cec43d5c2696af219-nodebug+ #1 PREEMPT(lazy)\n Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER\n Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n RIP: 0010:xe_sriov_vfio_wait_flr_done+0xc/0x80 [xe]\n Code: ff c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 54 53 <83> bf f8 11 00 00 02 75 61 41 89 f4 85 f6 74 52 48 8b 47 08 48 89\n RSP: 0018:ffffc9000f7c39b8 EFLAGS: 00010202\n RAX: ffffffffa04d8660 RBX: ffff88813e3e4000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000f7c39c8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff888101a48800\n R13: ffff88813e3e4150 R14: ffff888130d0d008 R15: ffff88813e3e40d0\n FS: 00007877d3d0d940(0000) GS:ffff88890b6d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000011f8 CR3: 000000015a762000 CR4: 0000000000f52ef0\n PKRU: 55555554\n Call Trace:\n <TASK>\n xe_vfio_pci_reset_done+0x49/0x120 [xe_vfio_pci]\n pci_dev_restore+0x3b/0x80\n pci_reset_function+0x109/0x140\n reset_store+0x5c/0xb0\n dev_attr_store+0x17/0x40\n sysfs_kf_write+0x72/0x90\n kernfs_fop_write_iter+0x161/0x1f0\n vfs_write+0x261/0x440\n ksys_write+0x69/0xf0\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x259/0x26e0\n do_syscall_64+0xcb/0x1500\n ? __fput+0x1a2/0x2d0\n ? fput_close_sync+0x3d/0xa0\n ? __x64_sys_close+0x3e/0x90\n ? x64_sys_call+0x1b7c/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? __task_pid_nr_ns+0x68/0x100\n ? __do_sys_getpid+0x1d/0x30\n ? x64_sys_call+0x10b5/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? putname+0x41/0x90\n ? do_faccessat+0x1e8/0x300\n ? __x64_sys_access+0x1c/0x30\n ? x64_sys_call+0x1822/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? tick_program_event+0x43/0xa0\n ? hrtimer_interrupt+0x126/0x260\n ? irqentry_exit+0xb2/0x710\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7877d5f1c5a4\n Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d a5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\n RSP: 002b:00007fff48e5f908 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007877d5f1c5a4\n RDX: 0000000000000001 RSI: 00007877d621b0c9 RDI: 0000000000000009\n RBP: 0000000000000001 R08: 00005fb49113b010 R09: 0000000000000007\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007877d621b0c9\n R13: 0000000000000009 R14: 00007fff48e5fac0 R15: 00007fff48e5fac0\n </TASK>\n\nThis is caused by the fact that some of the xe_vfio_pci_core_device\nmembers needed for handling reset are only initialized as part of\nmigration init.\n\nFix the problem by reorganizing the code to decouple VF init from\nmigration init."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vfio/pci/xe/main.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8fa4113fc65b8b29a30fbbca5fd82221dc6e146e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "73e53ff144a538f1843b3dea1e2740a755031cdc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vfio/pci/xe/main.c"], "versions": [{"version": "6.19.14", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.1", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8fa4113fc65b8b29a30fbbca5fd82221dc6e146e"}, {"url": "https://git.kernel.org/stable/c/73e53ff144a538f1843b3dea1e2740a755031cdc"}], "title": "vfio/xe: Reorganize the init to decouple migration from reset", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/xe: Reorganize the init to decouple migration from reset\n\nAttempting to issue reset on VF devices that don't support migration\nleads to the following:\n\n BUG: unable to handle page fault for address: 00000000000011f8\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 2 UID: 0 PID: 7443 Comm: xe_sriov_flr Tainted: G S U 7.0.0-rc1-lgci-xe-xe-4588-cec43d5c2696af219-nodebug+ #1 PREEMPT(lazy)\n Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER\n Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n RIP: 0010:xe_sriov_vfio_wait_flr_done+0xc/0x80 [xe]\n Code: ff c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 54 53 <83> bf f8 11 00 00 02 75 61 41 89 f4 85 f6 74 52 48 8b 47 08 48 89\n RSP: 0018:ffffc9000f7c39b8 EFLAGS: 00010202\n RAX: ffffffffa04d8660 RBX: ffff88813e3e4000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000f7c39c8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff888101a48800\n R13: ffff88813e3e4150 R14: ffff888130d0d008 R15: ffff88813e3e40d0\n FS: 00007877d3d0d940(0000) GS:ffff88890b6d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000011f8 CR3: 000000015a762000 CR4: 0000000000f52ef0\n PKRU: 55555554\n Call Trace:\n <TASK>\n xe_vfio_pci_reset_done+0x49/0x120 [xe_vfio_pci]\n pci_dev_restore+0x3b/0x80\n pci_reset_function+0x109/0x140\n reset_store+0x5c/0xb0\n dev_attr_store+0x17/0x40\n sysfs_kf_write+0x72/0x90\n kernfs_fop_write_iter+0x161/0x1f0\n vfs_write+0x261/0x440\n ksys_write+0x69/0xf0\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x259/0x26e0\n do_syscall_64+0xcb/0x1500\n ? __fput+0x1a2/0x2d0\n ? fput_close_sync+0x3d/0xa0\n ? __x64_sys_close+0x3e/0x90\n ? x64_sys_call+0x1b7c/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? __task_pid_nr_ns+0x68/0x100\n ? __do_sys_getpid+0x1d/0x30\n ? x64_sys_call+0x10b5/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? putname+0x41/0x90\n ? do_faccessat+0x1e8/0x300\n ? __x64_sys_access+0x1c/0x30\n ? x64_sys_call+0x1822/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? tick_program_event+0x43/0xa0\n ? hrtimer_interrupt+0x126/0x260\n ? irqentry_exit+0xb2/0x710\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7877d5f1c5a4\n Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d a5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\n RSP: 002b:00007fff48e5f908 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007877d5f1c5a4\n RDX: 0000000000000001 RSI: 00007877d621b0c9 RDI: 0000000000000009\n RBP: 0000000000000001 R08: 00005fb49113b010 R09: 0000000000000007\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007877d621b0c9\n R13: 0000000000000009 R14: 00007fff48e5fac0 R15: 00007fff48e5fac0\n </TASK>\n\nThis is caused by the fact that some of the xe_vfio_pci_core_device\nmembers needed for handling reset are only initialized as part of\nmigration init.\n\nFix the problem by reorganizing the code to decouple VF init from\nmigration init."}], "id": "CVE-2026-31601", "lastModified": "2026-04-24T17:51:40.810", "metrics": {}, "published": "2026-04-24T15:16:39.090", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/73e53ff144a538f1843b3dea1e2740a755031cdc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8fa4113fc65b8b29a30fbbca5fd82221dc6e146e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: vfio/xe: Reorganize the init to decouple migration from reset", "id": "2461513", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461513"}, "csaw": false, "cwe": "CWE-824", "details": ["A flaw was found in the Linux kernel's vfio/xe driver. An attacker, by attempting to reset a Virtual Function (VF) device that does not support migration, can trigger a kernel page fault. This can lead to a system crash, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-31601", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31601\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31601\nhttps://lore.kernel.org/linux-cve-announce/2026042418-CVE-2026-31601-1cb0@gregkh/T"]}

{}