CVE-2026-52968
Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic

kvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and aen_host_forward() index the GAIT by manually multiplying the index with sizeof(struct zpci_gaite). Since aift->gait is already a struct zpci_gaite pointer, this double-scales the offset, accessing element aisb*16 instead of aisb.

This causes out-of-bounds accesses when aisb >= 32 (with ZPCI_NR_DEVICES=512).

Fix by removing the erroneous sizeof multiplication.

Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability exists in the Linux kernel's KVM s390 PCI code where certain functions incorrectly calculate an index into the GAIT table. Specifically, the functions kvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and aen_host_forward() multiply the index by the size of the struct zpci_gaite, even though the pointer is already of that type. This results in a double scaling of the pointer arithmetic, causing out-of-bounds memory accesses when the index (aisb) is 32 or greater.

The issue is fixed by removing the erroneous multiplication by sizeof(struct zpci_gaite), preventing the out-of-bounds access.
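
The double scaling described above, modelled in user space as an added example (not the kernel's code or the actual patch). struct gaite_model is a constructed 16-byte stand-in for struct zpci_gaite, and NR_DEVICES takes the ZPCI_NR_DEVICES value quoted in the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NR_DEVICES 512  /* ZPCI_NR_DEVICES value quoted in the description */

/* Constructed stand-in for struct zpci_gaite: only the 16-byte size
 * matters for this demo, the field layout is not the kernel's. */
struct gaite_model {
    uint64_t a;
    uint64_t b;
};

static struct gaite_model gait[NR_DEVICES];

/* Byte offset the compiler produces for typed pointer arithmetic.
 * gait + idx is already scaled by sizeof(struct gaite_model). */
size_t typed_byte_offset(size_t idx)
{
    return (size_t)((char *)(gait + idx) - (char *)gait);
}

/* Element the pre-fix expression gait + aisb * sizeof(entry) selects.
 * Kept as an integer so the demo never forms an out-of-bounds pointer. */
size_t buggy_element(size_t aisb)
{
    return aisb * sizeof(struct gaite_model);
}

/* Smallest aisb whose pre-fix access falls outside the table. */
size_t first_oob_aisb(void)
{
    size_t aisb;

    for (aisb = 0; aisb < NR_DEVICES; aisb++)
        if (buggy_element(aisb) >= NR_DEVICES)
            return aisb;
    return NR_DEVICES;
}

int main(void)
{
    printf("entry size            : %zu bytes\n", sizeof(struct gaite_model));
    printf("typed offset, idx 3   : %zu bytes\n", typed_byte_offset(3));
    printf("pre-fix, aisb 31      : element %zu (intended 31)\n", buggy_element(31));
    printf("pre-fix, aisb 32      : element %zu (table has %d)\n", buggy_element(32), NR_DEVICES);
    printf("first out-of-bounds   : aisb %zu\n", first_oob_aisb());
    return 0;
}
```

With the multiplication removed, the selected element is simply aisb, so every index below NR_DEVICES stays inside the table.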

Impact Analysis

This vulnerability can cause out-of-bounds memory accesses in the Linux kernel's KVM s390 PCI subsystem. Such out-of-bounds accesses may lead to system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service, depending on the context and exploitability.

Mitigation Strategies

The vulnerability is fixed by correcting the pointer arithmetic in the Linux kernel's KVM s390 PCI code. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Specifically, apply the patch that removes the erroneous sizeof multiplication in the functions kvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and aen_host_forward().

Until the update is applied, avoid running workloads that could trigger out-of-bounds accesses related to the GAIT table indexing on s390 KVM PCI devices.
