Improper access control in Linux kernel - CVE-2026-31561
Published: April 25, 2026
Vulnerability identifier: #VU127836
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31561
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local privileged user to disable security protections.
The vulnerability exists due to improper access control in CR4 pinning logic when modifying CR4 during early boot on application processors that are not online yet. A local privileged user can modify the online bit in writable memory and disable CR4 pinning to disable SMAP/SMEP and disable security protections.
The issue is particularly relevant in SEV-ES, SEV-SNP, or TDX guest environments during a short early-boot window.
How to mitigate CVE-2026-31561
Install security update from vendor's repository.