CVE-2026-31569 HIGH

CVE-2026-31569: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty

Vendor Linux
Product Linux
Published April 24, 2026
Last update May 11, 2026

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

What the vulnerability does

01Description

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty EIOINTC's coremap in eiointc_update_sw_coremap() can be empty, currently we get a cpuid with -1 in this case, but we actually need 0 because it's similar as the case that cpuid >= 4. This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].

Key dates

02Disclosure timeline

April 24, 2026 CVE published
May 11, 2026 Record updated