{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31593","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.121Z","datePublished":"2026-04-24T14:42:19.567Z","dateUpdated":"2026-05-11T22:11:47.488Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:11:47.488Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU\n\nReject synchronizing vCPU state to its associated VMSA if the vCPU has\nalready been launched, i.e. if the VMSA has already been encrypted.  On a\nhost with SNP enabled, accessing guest-private memory generates an RMP #PF\nand panics the host.\n\n  BUG: unable to handle page fault for address: ff1276cbfdf36000\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x80000003) - RMP violation\n  PGD 5a31801067 P4D 5a31802067 PUD 40ccfb5063 PMD 40e5954063 PTE 80000040fdf36163\n  SEV-SNP: PFN 0x40fdf36, RMP entry: [0x6010fffffffff001 - 0x000000000000001f]\n  Oops: Oops: 0003 [#1] SMP NOPTI\n  CPU: 33 UID: 0 PID: 996180 Comm: qemu-system-x86 Tainted: G           OE\n  Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n  Hardware name: Dell Inc. PowerEdge R7625/0H1TJT, BIOS 1.5.8 07/21/2023\n  RIP: 0010:sev_es_sync_vmsa+0x54/0x4c0 [kvm_amd]\n  Call Trace:\n   <TASK>\n   snp_launch_update_vmsa+0x19d/0x290 [kvm_amd]\n   snp_launch_finish+0xb6/0x380 [kvm_amd]\n   sev_mem_enc_ioctl+0x14e/0x720 [kvm_amd]\n   kvm_arch_vm_ioctl+0x837/0xcf0 [kvm]\n   kvm_vm_ioctl+0x3fd/0xcc0 [kvm]\n   __x64_sys_ioctl+0xa3/0x100\n   x64_sys_call+0xfe0/0x2350\n   do_syscall_64+0x81/0x10f0\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7ffff673287d\n   </TASK>\n\nNote, the KVM flaw has been present since commit ad73109ae7ec (\"KVM: SVM:\nProvide support to launch and run an SEV-ES guest\"), but has only been\nactively dangerous for the host since SNP support was added.  With SEV-ES,\nKVM would \"just\" clobber guest state, which is totally fine from a host\nkernel perspective since userspace can clobber guest state any time before\nsev_launch_update_vmsa()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kvm/svm/sev.c"],"versions":[{"version":"ad27ce155566f2b4400fa865859834592bd18777","lessThan":"c9609847ae65ca36233077c2b6cb2bc0fb37c77a","status":"affected","versionType":"git"},{"version":"ad27ce155566f2b4400fa865859834592bd18777","lessThan":"692fdf05e55fa03960a1278afdc2478c12daea13","status":"affected","versionType":"git"},{"version":"ad27ce155566f2b4400fa865859834592bd18777","lessThan":"6ef109e01e1d35199e1a97ea68bdfd3cf3fbf9ab","status":"affected","versionType":"git"},{"version":"ad27ce155566f2b4400fa865859834592bd18777","lessThan":"8f85a4885eee8cb495961ffa371a91828afb9445","status":"affected","versionType":"git"},{"version":"ad27ce155566f2b4400fa865859834592bd18777","lessThan":"9b9f7962e3e879d12da2bf47e02a24ec51690e3d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kvm/svm/sev.c"],"versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","status":"unaffected","versionType":"semver"},{"version":"6.12.83","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.24","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.14","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0.1","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1-rc1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.18.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.19.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"7.0.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"7.1-rc1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c9609847ae65ca36233077c2b6cb2bc0fb37c77a"},{"url":"https://git.kernel.org/stable/c/692fdf05e55fa03960a1278afdc2478c12daea13"},{"url":"https://git.kernel.org/stable/c/6ef109e01e1d35199e1a97ea68bdfd3cf3fbf9ab"},{"url":"https://git.kernel.org/stable/c/8f85a4885eee8cb495961ffa371a91828afb9445"},{"url":"https://git.kernel.org/stable/c/9b9f7962e3e879d12da2bf47e02a24ec51690e3d"}],"title":"KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU","x_generator":{"engine":"bippy-1.2.0"}}}}