PT-2026-34913 · Linux · Linux Kernel

Published: 2026-04-24
Updated: 2026-04-29

CVE-2026-31561

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An issue exists in the x86 CPU handling where the X86 CR4 FRED bit was included in the CR4 pinned bits mask. During boot, FRED is initialized on the Bootstrap Processor (BSP) and subsequently on Application Processors (APs), creating a window where exceptions cannot be handled. In SEV-ES, SEV-SNP, or TDX guests, triggering exceptions during this window can lead to a triple fault because FRED Model Specific Registers (MSRs) are not yet configured. Previous attempts to fix this by temporarily disabling CR4 pinning when an AP is not online introduced a security risk, as an attacker could modify the online bit in read-write memory to disable CR4 pinning and subsequently disable Supervisor Mode Execution Prevention (SMEP) or Supervisor Mode Access Prevention (SMAP).

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
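The Description above can be followed in a small user-space model. This is an added example, not kernel code: the struct, function names and the simplified pinning logic are assumptions made for illustration, and only the CR4 bit positions are architectural. It compares a pinned mask that includes FRED with one that does not, and unconditional pinning with pinning gated on a writable online flag.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Architectural CR4 bit positions. */
#define CR4_SMEP (1ULL << 20)
#define CR4_SMAP (1ULL << 21)
#define CR4_FRED (1ULL << 32)
#define PINNED_BITS (CR4_SMEP | CR4_SMAP | CR4_FRED) /* value captured on the BSP */

/* Toy per-CPU state; every name in this model is hypothetical. */
struct cpu {
    uint64_t cr4;
    bool fred_msrs_ready; /* FRED MSRs configured on this CPU */
    bool online;          /* flag held in ordinary read-write memory */
};

/* CR4 write with pinning: bits in `mask` are forced to the pinned value.
 * With gate_on_online set, pinning is skipped while the CPU is not online. */
static void write_cr4(struct cpu *c, uint64_t val, uint64_t mask, bool gate_on_online)
{
    if (!gate_on_online || c->online)
        val = (val & ~mask) | (PINNED_BITS & mask);
    c->cr4 = val;
}

/* AP bring-up: first CR4 write precedes FRED MSR setup; true = FRED on too early. */
static bool ap_boot_has_window(uint64_t mask)
{
    struct cpu ap = {0};
    write_cr4(&ap, 0, mask, false);
    return (ap.cr4 & CR4_FRED) && !ap.fred_msrs_ready;
}

/* Do SMEP and SMAP stay set when `online` reads false and a write clears them? */
static bool smep_smap_survive(bool gate_on_online)
{
    struct cpu c = { .cr4 = PINNED_BITS, .fred_msrs_ready = true, .online = false };
    write_cr4(&c, c.cr4 & ~(CR4_SMEP | CR4_SMAP), CR4_SMEP | CR4_SMAP, gate_on_online);
    return (c.cr4 & (CR4_SMEP | CR4_SMAP)) == (CR4_SMEP | CR4_SMAP);
}

int main(void)
{
    printf("window, FRED pinned:     %d\n", ap_boot_has_window(PINNED_BITS));
    printf("window, FRED not pinned: %d\n", ap_boot_has_window(CR4_SMEP | CR4_SMAP));
    printf("SMEP/SMAP kept, online-gated pinning: %d\n", smep_smap_survive(true));
    printf("SMEP/SMAP kept, unconditional pinning: %d\n", smep_smap_survive(false));
    return 0;
}
```

In the model, only the combination of a mask without FRED and unconditional pinning avoids both the early-FRED window and the loss of SMEP/SMAP.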

Related Identifiers

CVE-2026-31561

Affected Products

Linux Kernel