Vulnerabilities ›

CVE-2026-31568

High

CWE-125 — Weakness Type

                    Published: Apr 24, 2026                      ·  Modified: May 1, 2026                      ·  Source: NVD                

CVSS v3

7.1

🔗 NVD Official

📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

s390/mm: Add missing secure storage access fixups for donated memory

There are special cases where secure storage access exceptions happen
in a kernel context for pages that don't have the PG_arch_1 bit
set. That bit is set for non-exported guest secure storage (memory)
but is absent on storage donated to the Ultravisor since the kernel
isn't allowed to export donated pages.

Prior to this patch we would try to export the page by calling
arch_make_folio_accessible() which would instantly return since the
arch bit is absent signifying that the page was already exported and
no further action is necessary. This leads to secure storage access
exception loops which can never be resolved.

With this patch we unconditionally try to export and if that fails we
fixup.

🤖 AI Executive Summary

A Linux kernel vulnerability on s390 architecture allows secure storage access exception loops when handling donated memory pages lacking the PG_arch_1 bit. The fix ensures unconditional export attempts with proper fixup handling to prevent infinite exception loops.

📄 Description (Arabic)

تؤثر هذه الثغرة على نواة Linux في معمارية s390 حيث تحدث استثناءات وصول التخزين الآمن في سياق kernel لصفحات الذاكرة المتبرع بها للـ Ultravisor. المشكلة تحدث لأن الكود السابق كان يحاول تصدير الصفحات بناءً على وجود بت PG_arch_1 الذي لا يكون موجوداً في الذاكرة المتبرع بها، مما يؤدي إلى حلقات استثناء لا نهائية.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 9, 2026 22:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: low

🏢 Affected Saudi Sectors

government banking telecom

🎯 MITRE ATT&CK Techniques

T1203 T1499

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update Linux kernel to patched version that implements unconditional secure storage export attempts with proper fixup handling for donated memory pages. Apply security patches from your Linux distribution vendor immediately.

🔧 خطوات المعالجة (العربية)

قم بتحديث نواة Linux إلى الإصدار المصحح الذي ينفذ محاولات تصدير التخزين الآمن غير المشروط مع معالجة الإصلاح المناسبة لصفحات الذاكرة المتبرع بها. طبق تصحيحات الأمان من موفر توزيعة Linux الخاص بك فوراً.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A1.1 A1.2

🔵 SAMA CSF

ID.RA-1 PR.IP-1

🟡 ISO 27001:2022

12.6.1 14.2.1

🔗 References & Sources 3

🔗

https://git.kernel.org/stable/c/43ac2d18db1131df0a89993f709131ebfc29f3bd

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/b00be77302d7ec4ad0367bb236494fce7172b730

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/b36b0e804aee5f20c6798dbeaeaa7cfdb7c6cf88

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

📦 Affected Products / CPE 10 entries

linux:linux_kernel

linux:linux_kernel:5.7

linux:linux_kernel:7.0

📊 CVSS Score

7.1

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.1

CWECWE-125

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-04-24

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-125

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-31568

💬 Comments

Introduce Yourself

Sign In Required