CVE-2026-31482
Received Received - Intake
Register Scrubbing Omission in Linux s390 Kernel Entry Leads to Data Leak Risk

Publication date: 2026-04-22

Last updated on: 2026-04-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register on kernel entry Before commit f33f2d4c7c80 ("s390/bp: remove TIF_ISOLATE_BP"), all entry handlers loaded r12 with the current task pointer (lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros. That commit removed TIF_ISOLATE_BP, dropping both the branch prediction macros and the r12 load, but did not add r12 to the register clearing sequence. Add the missing xgr %r12,%r12 to make the register scrub consistent across all entry points.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-14
NVD
CVE-2026-31482
EUVD
EUVD-2026-24844
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.4
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.21 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.80 (exc)
linux linux_kernel From 6.4.1 (inc) to 6.6.131 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel relates to the s390 architecture's kernel entry code. Previously, the r12 register was loaded with the current task pointer for use by certain macros (BPENTER/BPEXIT). A recent commit removed the use of these macros and the loading of r12 but failed to clear the r12 register on kernel entry. This omission could leave sensitive data in the r12 register. The fix involved adding an instruction to clear (scrub) the r12 register on all kernel entry points to ensure consistency and prevent potential information leakage.

Impact Analysis

If the r12 register is not cleared on kernel entry, it may retain sensitive information from previous tasks. This could potentially lead to information leakage between processes or tasks, undermining system security and isolation. Attackers or malicious code might exploit this to gain unauthorized access to sensitive data.

Mitigation Strategies

The vulnerability has been resolved by a patch in the Linux kernel that scrubs the r12 register on kernel entry for the s390 architecture. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix (commit f33f2d4c7c80 or later).

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31482. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart