PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-52968 Linux CVE debrief

A vulnerability was found in the Linux kernel's KVM: s390: pci subsystem. The flaw in GAIT table indexing due to double-scaling pointer arithmetic can cause out-of-bounds accesses when aisb >= 32. This issue affects Linux kernel users, particularly those with KVM: s390: pci deployments. The vulnerability was resolved by removing the erroneous sizeof multiplication. To mitigate the risk, users should review and apply the official patch. The vulnerability has a high impact on system security, and its exploitation could lead to unauthorized access or system crashes.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-24
Original CVE updated
2026-07-10
Advisory published
2026-06-24
Advisory updated
2026-07-10

Who should care

Linux kernel users, KVM administrators, and s390 system operators should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review and apply the official patch, update KVM configurations to ensure secure operation, and monitor system logs for potential exploitation attempts. The vulnerability has a high impact on system security, and its exploitation could lead to unauthorized access or system crashes.

Technical summary

The vulnerability is caused by incorrect pointer arithmetic in the kvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and aen_host_forward() functions. The aift->gait pointer is already a struct zpci_gaite pointer, but the code multiplies the index by sizeof(struct zpci_gaite), resulting in double-scaling and out-of-bounds accesses. This issue can be fixed by removing the erroneous sizeof multiplication. The official patches are available, and users are advised to apply them to prevent potential attacks. The vulnerability affects Linux kernel users, particularly those with KVM: s390: pci deployments.

Defensive priority

High priority for Linux kernel maintainers and KVM administrators to apply the fix and prevent potential attacks.

Recommended defensive actions

  • Apply the official patch to fix the vulnerability
  • Review and update KVM configurations to ensure secure operation
  • Monitor system logs for potential exploitation attempts
  • Perform a thorough review of the system to ensure the vulnerability is not being exploited
  • Consider implementing compensating controls for exposed systems while remediation is scheduled and verified
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The vulnerability was resolved by removing the erroneous sizeof multiplication. Official patches are available at https://git.kernel.org/stable/c/11b8ff5b930b351dd1f6f088dce0beb027ac92d0 and other referenced commits. The vulnerability affects Linux kernel users, particularly those with KVM: s390: pci deployments. The vulnerability has a high impact on system security, and its exploitation could lead to unauthorized access or system crashes. Users should verify the patch and ensure it is applied correctly to prevent potential attacks.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T17:17:07.243Z and has not been modified since then.