CVE-2026-31464

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An out-of-bounds access issue exists in the ibmvfc discover targets done() function. A compromised VIO server can provide a num written value in the discover targets MAD response that exceeds max targets. This value is stored in vhost->num targets without validation and used as a loop bound in ibmvfc alloc targets() to index into disc buf[], which is only allocated for max targets entries. This allows access to kernel memory outside the DMA-coherent allocation, which is then leaked back to the VIO server via Implicit Logout and PLOGI MADs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.