{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31483", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.101Z", "datePublished": "2026-04-22T13:54:09.561Z", "dateUpdated": "2026-05-11T22:09:36.271Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:09:36.271Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/syscalls: Add spectre boundary for syscall dispatch table\n\nThe s390 syscall number is directly controlled by userspace, but does\nnot have an array_index_nospec() boundary to prevent access past the\nsyscall function pointer tables."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/s390/kernel/syscall.c"], "versions": [{"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "3c3b97064764899c39a0abbd35a6caa031e70333", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "1cb9c7bc9025c637564fabc7fcc3c9343949e310", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "7a5260fbc6e79a1595328ec5c6aa3f937504a1f0", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "f8c444b918d639e1f9a621ee20fe481c1d10dfc4", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "87776f02449e3bded95b2ccbd6b012e9ae64e6f3", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "4d05dd18d867d58c6952a3bc260d244899da7256", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "48b8814e25d073dd84daf990a879a820bad2bcbd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/s390/kernel/syscall.c"], "versions": [{"version": "5.12", "status": "affected"}, {"version": "0", "lessThan": "5.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3c3b97064764899c39a0abbd35a6caa031e70333"}, {"url": "https://git.kernel.org/stable/c/1cb9c7bc9025c637564fabc7fcc3c9343949e310"}, {"url": "https://git.kernel.org/stable/c/7a5260fbc6e79a1595328ec5c6aa3f937504a1f0"}, {"url": "https://git.kernel.org/stable/c/f8c444b918d639e1f9a621ee20fe481c1d10dfc4"}, {"url": "https://git.kernel.org/stable/c/87776f02449e3bded95b2ccbd6b012e9ae64e6f3"}, {"url": "https://git.kernel.org/stable/c/4d05dd18d867d58c6952a3bc260d244899da7256"}, {"url": "https://git.kernel.org/stable/c/48b8814e25d073dd84daf990a879a820bad2bcbd"}], "title": "s390/syscalls: Add spectre boundary for syscall dispatch table", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA3D6441-4F2E-41AB-A26D-388B03A5932F", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.12.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B", "versionEndExcluding": "6.1.168", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE6ED4D4-0046-4573-BFA9-D64143B6A89F", "versionEndExcluding": "6.6.131", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6", "versionEndExcluding": "6.12.80", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED39847A-3B46-4729-B7CA-B2C30B9FA8FE", "versionEndExcluding": "6.18.21", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*", "matchCriteriaId": "75EB504D-4A83-4C67-9C8D-FD9C6C8EB4CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/syscalls: Add spectre boundary for syscall dispatch table\n\nThe s390 syscall number is directly controlled by userspace, but does\nnot have an array_index_nospec() boundary to prevent access past the\nsyscall function pointer tables."}], "id": "CVE-2026-31483", "lastModified": "2026-04-28T13:40:13.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T14:16:45.627", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1cb9c7bc9025c637564fabc7fcc3c9343949e310"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3c3b97064764899c39a0abbd35a6caa031e70333"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/48b8814e25d073dd84daf990a879a820bad2bcbd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4d05dd18d867d58c6952a3bc260d244899da7256"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a5260fbc6e79a1595328ec5c6aa3f937504a1f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/87776f02449e3bded95b2ccbd6b012e9ae64e6f3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f8c444b918d639e1f9a621ee20fe481c1d10dfc4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: s390/syscalls: Add spectre boundary for syscall dispatch table", "id": "2460693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460693"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-1285", "details": ["A flaw was found in the Linux kernel's s390 architecture syscalls. A local attacker, by controlling the syscall number, could potentially access memory beyond the intended syscall function pointer tables. This lack of a boundary check, related to speculative execution (Spectre), may lead to information disclosure by allowing an attacker to read sensitive data from kernel memory."], "name": "CVE-2026-31483", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31483\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31483\nhttps://lore.kernel.org/linux-cve-announce/2026042259-CVE-2026-31483-9bc8@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,3c3b97064764899c39a0abbd35a6caa031e70333)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,1cb9c7bc9025c637564fabc7fcc3c9343949e310)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,7a5260fbc6e79a1595328ec5c6aa3f937504a1f0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,f8c444b918d639e1f9a621ee20fe481c1d10dfc4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,87776f02449e3bded95b2ccbd6b012e9ae64e6f3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,4d05dd18d867d58c6952a3bc260d244899da7256)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,48b8814e25d073dd84daf990a879a820bad2bcbd)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.12"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.12)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.168,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.131,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.80,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T03:23:38.629934+00:00", "value": {"mitigation_remediation": ["Upgrade the kernel to a release that incorporates the patch adding the spectre boundary to the s390 syscall dispatch logic.", "If a kernel upgrade is temporarily unavailable, patch the kernel source by inserting an array_index_nospec() check around the s390 syscall dispatch logic, then recompile and reinstall the kernel.", "Enable any generic Spectre mitigations supported on s390 (such as SPEC_STORE_BYPASS), and ensure that kernel hardening options and workload isolation mechanisms (e.g., SELinux, AppArmor) remain active to reduce the impact if exploitation occurs."], "summary": {"action": "Patch", "impact": "Out\u2011of\u2011bounds read of the syscall dispatch table"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds running on the s390 platform that include versions from 5.12 onward, including the 7.0 release candidates, are affected until the patch that adds the spectre boundary is merged. No other architectures or kernel releases are listed as impacted.", "description_and_impact": "The Linux kernel for the s390 architecture contains an unchecked syscall number that can be supplied directly by userspace. Because no array_index_nospec boundary is applied, a crafted syscall number may result in an out\u2011of\u2011bounds read of the syscall function pointer table. While the CVE description does not confirm that an attacker can read arbitrary kernel memory, the missing boundary check allows data outside the intended table to be accessed, and based on the description it is inferred that this could potentially expose information to the process owning the crafted request.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. The EPSS score of <\u202f1\u202f% denotes a very low likelihood of exploitation, and the vulnerability is not present in the CISA KEV catalog. The attack is feasible from any userspace process on an s390 system, which can supply a crafted syscall number to trigger the out\u2011of\u2011bounds read. The CVE data does not provide evidence that the read leads to a broader data disclosure, but based on the description it is inferred that the out\u2011of\u2011bounds region could contain sensitive kernel data, making disclosure possible."}}}}, "created": "2026-04-22T17:00:11.717715+00:00", "updated": "2026-04-29T03:30:15.941128+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}