CVE-2026-31588

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the KVM x86 component. This occurs when the emulator initiates a write using an on-stack local variable as the source, the write splits a page boundary, and both pages are Memory-Mapped I/O (MMIO) pages. Because the KVM Application Binary Interface (ABI) only allows physically contiguous MMIO requests, accesses splitting MMIO pages are divided into two fragments and sent to userspace sequentially. When KVM attempts to complete the userspace MMIO in response to KVM RUN after the first fragment, it may detect the second fragment and generate a second userspace exit, subsequently referencing the now-freed on-stack variable. This is particularly evident if the second KVM RUN is performed by a separate task, causing the initiating task's stack to be treated as freed data. The issue was identified in the complete emulated mmio() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.