CVE-2026-31786

Published: Apr 30, 2026 Last Modified: Mag 04, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,8
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

Buffer overflow in drivers/xen/sys-hypervisor.c

The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is
neither NUL terminated nor a string.

The first causes a buffer overflow as sprintf in buildid_show will
read and copy till it finds a NUL.

00000000 f4 91 51 f4 dd 38 9e 9d 65 47 52 eb 10 71 db 50 |..Q..8..eGR..q.P|
00000010 b9 a8 01 42 6f 2e 32 |...Bo.2|
00000017

So use a memcpy instead of sprintf to have the correct value:

00000000 f4 91 51 f4 dd 00 9e 9d 65 47 52 eb 10 71 db 50 |..Q.....eGR..q.P|
00000010 b9 a8 01 42 |...B|
00000014

(the above have a hack to embed a zero inside and check it's
returned correctly).

This is XSA-485 / CVE-2026-31786

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 2 Days)

https://git.kernel.org/stable/c/27fdbab4221b375de54bf919197…
https://git.kernel.org/stable/c/27fdbab4221b375de54bf91919798d88520c6e28
https://git.kernel.org/stable/c/4b4defd2fce3f966c25adabf466…
https://git.kernel.org/stable/c/4b4defd2fce3f966c25adabf46644a85558f1169
https://git.kernel.org/stable/c/52cecff98bda2c51eed1c6ce9d2…
https://git.kernel.org/stable/c/52cecff98bda2c51eed1c6ce9d21c5d6268fb19d
https://git.kernel.org/stable/c/5c5ff7c7bd15bb536f44b10b3fb…
https://git.kernel.org/stable/c/5c5ff7c7bd15bb536f44b10b3fb5b8408f344d0a
https://git.kernel.org/stable/c/8288d031a01dbacfde3fc643f7b…
https://git.kernel.org/stable/c/8288d031a01dbacfde3fc643f7be3d23504de64d
https://git.kernel.org/stable/c/d5f59216650c51e5e3fcb7517c8…
https://git.kernel.org/stable/c/d5f59216650c51e5e3fcb7517c825bc8047f60ef
https://git.kernel.org/stable/c/e3af585e1728c917682b6a3de9a…
https://git.kernel.org/stable/c/e3af585e1728c917682b6a3de9a69b41fb9194d4
https://git.kernel.org/stable/c/f458ba102da97fafca106327086…
https://git.kernel.org/stable/c/f458ba102da97fafca106327086fc95f3fc764cb
http://www.openwall.com/lists/oss-security/2026/04/28/12
http://www.openwall.com/lists/oss-security/2026/04/28/12
http://xenbits.xen.org/xsa/advisory-485.html
http://xenbits.xen.org/xsa/advisory-485.html