CVE-2026-31483
Spectre Variant in Linux s390 Syscall Dispatch Table
Publication date: 2026-04-22
Last updated on: 2026-04-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.12 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 5.16 (inc) to 6.1.168 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.131 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.80 (exc) |
| linux | linux_kernel | From 5.12.1 (inc) to 5.15.203 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's s390 architecture syscall dispatch table. The syscall number, which is controlled directly by userspace, lacks a proper boundary check called array_index_nospec(). This missing boundary allows potential access beyond the intended syscall function pointer tables, which could lead to unintended behavior or exploitation.
How can this vulnerability impact me? :
Because the syscall number is directly controlled by userspace without proper boundary checks, an attacker could potentially exploit this to access or execute unintended syscall functions. This could lead to security issues such as unauthorized code execution or information leakage within the Linux kernel on s390 systems.