{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish",
    "id" : "2461489",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461489"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-820",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nKVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish\nLock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as\nallowing userspace to manipulate and/or run a vCPU while its state is being\nsynchronized would at best corrupt vCPU state, and at worst crash the host\nkernel.\nOpportunistically assert that vcpu->mutex is held when synchronizing its\nVMSA (the SEV-ES path already locks vCPUs).", "A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) component. This vulnerability allows a local user in userspace to manipulate or run a virtual CPU (vCPU) while its state is being synchronized during the Secure Nested Paging (SNP) launch process. This improper synchronization can lead to corruption of the vCPU state or, in the worst case, cause the host kernel to crash, resulting in a Denial of Service (DoS)." ],
  "statement" : "SEV-SNP launch finish must synchronize all vCPU VMSAs; upstream now takes the required locks so a racing vCPU cannot observe half-updated state. Red Hat treats this as a confidential-computing correctness fix on AMD hosts with SNP enabled.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31591\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31591\nhttps://lore.kernel.org/linux-cve-announce/2026042415-CVE-2026-31591-4148@gregkh/T" ],
  "name" : "CVE-2026-31591",
  "csaw" : false
}