-

CVE-2026-52968

KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic

kvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and
aen_host_forward() index the GAIT by manually multiplying the index
with sizeof(struct zpci_gaite).

Since aift->gait is already a struct zpci_gaite pointer, this
double-scales the offset, accessing element aisb*16 instead of aisb.

This causes out-of-bounds accesses when aisb >= 32 (with
ZPCI_NR_DEVICES=512)

Fix by removing the erroneous sizeof multiplication.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 73f91b004321f2510fa79e66035dbbf1870fcf56
Version < 31a9d9f9942885aae356a1a57c79e82c5b5b0828
Status affected
Version 73f91b004321f2510fa79e66035dbbf1870fcf56
Version < a99a25db131ece5e6c0f7632da606de631efe4f2
Status affected
Version 73f91b004321f2510fa79e66035dbbf1870fcf56
Version < 11b8ff5b930b351dd1f6f088dce0beb027ac92d0
Status affected
Version 73f91b004321f2510fa79e66035dbbf1870fcf56
Version < b22a2da8792a7bfe743c1a922e77fa499ddedbe8
Status affected
Version 73f91b004321f2510fa79e66035dbbf1870fcf56
Version < e7216651b94e92e5433fb2f54b77864642b4ea48
Status affected
Version 73f91b004321f2510fa79e66035dbbf1870fcf56
Version < 16d990a15491cf76cd6eef0846e1b4100e63261a
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.0
Status affected
Version 0
Version < 6.0
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.078
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/31a9d9f9942885aae356a1a57c79e82c5b5b0828
https://git.kernel.org/stable/c/a99a25db131ece5e6c0f7632da606de631efe4f2
https://git.kernel.org/stable/c/11b8ff5b930b351dd1f6f088dce0beb027ac92d0
https://git.kernel.org/stable/c/b22a2da8792a7bfe743c1a922e77fa499ddedbe8
https://git.kernel.org/stable/c/e7216651b94e92e5433fb2f54b77864642b4ea48
https://git.kernel.org/stable/c/16d990a15491cf76cd6eef0846e1b4100e63261a