PatchSiren cyber security CVE debrief
CVE-2026-52968 Linux CVE debrief
A vulnerability was found in the Linux kernel's KVM: s390: pci subsystem. The flaw in GAIT table indexing due to double-scaling pointer arithmetic can cause out-of-bounds accesses when aisb >= 32. This issue affects Linux kernel users, particularly those with KVM: s390: pci deployments. The vulnerability was resolved by removing the erroneous sizeof multiplication. To mitigate the risk, users should review and apply the official patch. The vulnerability has a high impact on system security, and its exploitation could lead to unauthorized access or system crashes.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-24
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-06-24
- Advisory updated
- 2026-07-10
Who should care
Linux kernel users, KVM administrators, and s390 system operators should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review and apply the official patch, update KVM configurations to ensure secure operation, and monitor system logs for potential exploitation attempts. The vulnerability has a high impact on system security, and its exploitation could lead to unauthorized access or system crashes.
Technical summary
The vulnerability is caused by incorrect pointer arithmetic in the kvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and aen_host_forward() functions. The aift->gait pointer is already a struct zpci_gaite pointer, but the code multiplies the index by sizeof(struct zpci_gaite), resulting in double-scaling and out-of-bounds accesses. This issue can be fixed by removing the erroneous sizeof multiplication. The official patches are available, and users are advised to apply them to prevent potential attacks. The vulnerability affects Linux kernel users, particularly those with KVM: s390: pci deployments.
Defensive priority
High priority for Linux kernel maintainers and KVM administrators to apply the fix and prevent potential attacks.
Recommended defensive actions
- Apply the official patch to fix the vulnerability
- Review and update KVM configurations to ensure secure operation
- Monitor system logs for potential exploitation attempts
- Perform a thorough review of the system to ensure the vulnerability is not being exploited
- Consider implementing compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The vulnerability was resolved by removing the erroneous sizeof multiplication. Official patches are available at https://git.kernel.org/stable/c/11b8ff5b930b351dd1f6f088dce0beb027ac92d0 and other referenced commits. The vulnerability affects Linux kernel users, particularly those with KVM: s390: pci deployments. The vulnerability has a high impact on system security, and its exploitation could lead to unauthorized access or system crashes. Users should verify the patch and ensure it is applied correctly to prevent potential attacks.
Official resources
-
CVE-2026-52968 CVE record
CVE.org
-
CVE-2026-52968 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T17:17:07.243Z and has not been modified since then.