{"id":"CVE-2026-31590","summary":"KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION\n\nDrop the WARN in sev_pin_memory() on npages overflowing an int, as the\nWARN is comically trivially to trigger from userspace, e.g. by doing:\n\n  struct kvm_enc_region range = {\n          .addr = 0,\n          .size = -1ul,\n  };\n\n  __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range);\n\nNote, the checks in sev_mem_enc_register_region() that presumably exist to\nverify the incoming address+size are completely worthless, as both \"addr\"\nand \"size\" are u64s and SEV is 64-bit only, i.e. they _can't_ be greater\nthan ULONG_MAX.  That wart will be cleaned up in the near future.\n\n\tif (range-\u003eaddr \u003e ULONG_MAX || range-\u003esize \u003e ULONG_MAX)\n\t\treturn -EINVAL;\n\nOpportunistically add a comment to explain why the code calculates the\nnumber of pages the \"hard\" way, e.g. instead of just shifting @ulen.","modified":"2026-05-13T03:51:34.760837139Z","published":"2026-04-24T14:42:17.629Z","related":["CGA-7cc8-8q22-644h","openSUSE-SU-2026:10703-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31590.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1cba4dcd795daf6d257122779fb6a349edf03914"},{"type":"WEB","url":"https://git.kernel.org/stable/c/28cc13ca20431b127d42d84ba10898d03e2c8267"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8acffeef5ef720c35e513e322ab08e32683f32f2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ab423e5892826202a660b5ac85d1125b0e8301a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b670833749ffd8681361db2bb047c6f2e3075f3a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c29ff288a2d97a6f4640a498a367cf0eb91312eb"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31590.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31590"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"78824fabc72e5e37d51e6e567fde70a4fc41a6d7"},{"fixed":"b670833749ffd8681361db2bb047c6f2e3075f3a"},{"fixed":"ab423e5892826202a660b5ac85d1125b0e8301a5"},{"fixed":"28cc13ca20431b127d42d84ba10898d03e2c8267"},{"fixed":"c29ff288a2d97a6f4640a498a367cf0eb91312eb"},{"fixed":"1cba4dcd795daf6d257122779fb6a349edf03914"},{"fixed":"8acffeef5ef720c35e513e322ab08e32683f32f2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31590.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.9.0"},{"fixed":"6.6.136"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.83"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.24"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.14"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.20.0"},{"fixed":"7.0.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31590.json"}}],"schema_version":"1.7.5"}