Bug 2461530 (CVE-2026-31564)

Summary: CVE-2026-31564 kernel: LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel, specifically within the Kernel-based Virtual Machine (KVM) component for LoongArch architecture. An incorrect base address calculation in the `kvm_eiointc_regs_access()` function, where a `u64` type was not properly converted to a `void *` before adding an offset, could lead to memory corruption. This vulnerability may allow a local attacker to access or modify unintended memory regions, potentially resulting in information disclosure or denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-04-24 15:06:52 UTC 
In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()

In function kvm_eiointc_regs_access(), the register base address is
caculated from array base address plus offset, the offset is absolute
value from the base address. The data type of array base address is
u64, it should be converted into the "void *" type and then plus the
offset.
Comment 1 Keith Grant 2026-04-24 17:44:40 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026042459-CVE-2026-31564-c762@gregkh/T