{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31483", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.101Z", "datePublished": "2026-04-22T13:54:09.561Z", "dateUpdated": "2026-04-22T13:54:09.561Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-22T13:54:09.561Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/syscalls: Add spectre boundary for syscall dispatch table\n\nThe s390 syscall number is directly controlled by userspace, but does\nnot have an array_index_nospec() boundary to prevent access past the\nsyscall function pointer tables."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/s390/kernel/syscall.c"], "versions": [{"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "3c3b97064764899c39a0abbd35a6caa031e70333", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "1cb9c7bc9025c637564fabc7fcc3c9343949e310", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "7a5260fbc6e79a1595328ec5c6aa3f937504a1f0", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "f8c444b918d639e1f9a621ee20fe481c1d10dfc4", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "87776f02449e3bded95b2ccbd6b012e9ae64e6f3", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "4d05dd18d867d58c6952a3bc260d244899da7256", "status": "affected", "versionType": "git"}, {"version": "56e62a73702836017564eaacd5212e4d0fa1c01d", "lessThan": "48b8814e25d073dd84daf990a879a820bad2bcbd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/s390/kernel/syscall.c"], "versions": [{"version": "5.12", "status": "affected"}, {"version": "0", "lessThan": "5.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3c3b97064764899c39a0abbd35a6caa031e70333"}, {"url": "https://git.kernel.org/stable/c/1cb9c7bc9025c637564fabc7fcc3c9343949e310"}, {"url": "https://git.kernel.org/stable/c/7a5260fbc6e79a1595328ec5c6aa3f937504a1f0"}, {"url": "https://git.kernel.org/stable/c/f8c444b918d639e1f9a621ee20fe481c1d10dfc4"}, {"url": "https://git.kernel.org/stable/c/87776f02449e3bded95b2ccbd6b012e9ae64e6f3"}, {"url": "https://git.kernel.org/stable/c/4d05dd18d867d58c6952a3bc260d244899da7256"}, {"url": "https://git.kernel.org/stable/c/48b8814e25d073dd84daf990a879a820bad2bcbd"}], "title": "s390/syscalls: Add spectre boundary for syscall dispatch table", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/syscalls: Add spectre boundary for syscall dispatch table\n\nThe s390 syscall number is directly controlled by userspace, but does\nnot have an array_index_nospec() boundary to prevent access past the\nsyscall function pointer tables."}], "id": "CVE-2026-31483", "lastModified": "2026-04-22T14:16:45.627", "metrics": {}, "published": "2026-04-22T14:16:45.627", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1cb9c7bc9025c637564fabc7fcc3c9343949e310"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3c3b97064764899c39a0abbd35a6caa031e70333"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/48b8814e25d073dd84daf990a879a820bad2bcbd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4d05dd18d867d58c6952a3bc260d244899da7256"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7a5260fbc6e79a1595328ec5c6aa3f937504a1f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/87776f02449e3bded95b2ccbd6b012e9ae64e6f3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f8c444b918d639e1f9a621ee20fe481c1d10dfc4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,3c3b97064764899c39a0abbd35a6caa031e70333)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,1cb9c7bc9025c637564fabc7fcc3c9343949e310)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,7a5260fbc6e79a1595328ec5c6aa3f937504a1f0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,f8c444b918d639e1f9a621ee20fe481c1d10dfc4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,87776f02449e3bded95b2ccbd6b012e9ae64e6f3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,4d05dd18d867d58c6952a3bc260d244899da7256)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[56e62a73702836017564eaacd5212e4d0fa1c01d,48b8814e25d073dd84daf990a879a820bad2bcbd)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.12"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.12)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.168,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.131,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.80,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-22T18:52:28.219641+00:00", "value": {"mitigation_remediation": ["Upgrade to a Linux kernel release that includes the patch adding a Spectre boundary to the s390 syscall dispatch table.", "If an immediate kernel upgrade is not possible, apply a manual patch to the kernel source adding an array_index_nospec() check around the s390 syscall dispatch logic before compiling.", "Enable all generic kernel Spectre mitigations (e.g., CONFIG_X86_INTEL_NOTRACK or equivalent) to reduce the exploitation probability while waiting for the official patch."], "summary": {"action": "Patch ASAP", "impact": "Spectre-based data disclosure via out-of-bounds syscall dispatch"}, "threat_synthesis": {"affected_systems": "All Linux kernel versions running on the s390 architecture are affected because no version information is specified. The issue applies to the generic Linux kernel on s390, regardless of distribution, until the patch adding a spectre boundary is incorporated.", "description_and_impact": "A flaw in the Linux kernel\u2019s s390 architecture allows a userspace process to control the syscall number and bypass an array_index_nospec boundary, enabling a speculative execution path that can read arbitrary kernel memory. This results in a confidentiality compromise consistent with a Spectre variant, allowing an attacker to potentially expose sensitive information such as passwords, cryptographic keys, or other memory contents. The vulnerability is a classic out\u2011of\u2011bounds read that can be exploited through speculative execution to leak data to the attacker without modifying the kernel state.", "risk_and_exploitability": "The CVSS score is not provided and the EPSS score is unavailable, but the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local: any userspace process on an s390 system can pass a crafted syscall number to trigger the out\u2011of\u2011bounds access. Because the flaw relies on speculative execution and lacks proper bounds checks, it is considered a high\u2011risk vulnerability until a kernel update is applied."}}}}, "created": "2026-04-22T17:00:11.717715+00:00", "updated": "2026-04-22T19:00:08.092017+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-125", "CWE-20"]}