CVE-2026-31600 in Linux
Zusammenfassung
von VulDB • 27.05.2026
Based on the kernel log provided, here is an analysis of the crash and potential solutions.
### **1. Summary of the Crash** * **Type:** Kernel Panic (`Attempted to kill init!`) * **Cause:** An **Illegal Instruction** or **Memory Access Violation** occurred in the `__pi_memcpy_generic` function. * **Context:** The crash happened during **network interface initialization** (`virtnet_open`) for a **virtio-net** device (common in virtual machines like QEMU/KVM, Xen, or Hyper-V). * **Exit Code:** `0x0000000b` indicates a **SIGSEGV** (Segmentation Fault) or similar fatal signal delivered to the init process.
---
### **2. Key Call Trace Analysis** The critical part of the trace is: ``` __pi_memcpy_generic+0x128/0x22c (P) swiotlb_tbl_map_single+0x154/0x2b4 swiotlb_map+0x5c/0x228 dma_map_phys+0x244/0x2b8 ... virtnet_rq_alloc.isra.0+0xa4/0x1fc virtnet_open+0xd4/0x238 ```
* **`virtnet_open`**: The virtio-net driver is trying to open the network device. * **`virtnet_rq_alloc`**: It is allocating receive queues. * **`dma_map_page_attrs` / `swiotlb_map`**: It is mapping a DMA buffer for the device. * **`__pi_memcpy_generic`**: This is the **crash site**. It is a **P**refetchable **I**nterlocked **M**emcpy (optimized for ARM64). It is being called from `swiotlb_tbl_map_single`, likely to copy data into the SWIOTLB (Software I/O Translation Lookaside Buffer) bounce buffer.
### **3. Root Cause Hypotheses**
#### **A. ARM64-Specific Bug in `__pi_memcpy_generic`** * The `(P)` in the call trace indicates the function was executed in **P**anicked state or with **P**refetch abort. * `__pi_memcpy_generic` uses specific ARM64 instructions (like `ldp`/`stp` with specific alignment or `ld1`/`st1` for SIMD). If the source/destination pointers are misaligned, or if the CPU doesn't support the required instructions (e.g., missing `LSE` or `ASIMD` support), it will fault. * **Check:** Are you running on an older ARM64 CPU that doesn't support the instructions used in this memcpy implementation? Or is there a bug in the kernel version's `__pi_memcpy_generic`?
#### **B. SWIOTLB / DMA Mapping Issue** * The crash occurs during `swiotlb_tbl_map_single`. This function may call `__pi_memcpy_generic` to copy data from the original buffer to the bounce buffer. * If the **bounce buffer** is not properly allocated or if the **source buffer** is invalid (e.g., freed, unmapped, or in non-cacheable memory), the memcpy will fault. * **Check:** Is the system low on memory? SWIOTLB requires contiguous memory. If memory fragmentation is high, the bounce buffer allocation might fail or be corrupted.
#### **C. Virtio Driver Bug** * The `virtnet` driver might be passing an invalid pointer or size to `dma_map_page_attrs`. * **Check:** Is the virtio-net device properly configured in the hypervisor (QEMU/KVM)? Are there known bugs in the kernel version you are using with your specific virtio driver version?
#### **D. Kernel Bug in `__pi_memcpy_generic`** * There have been historical bugs in ARM64's `__pi_memcpy_generic` related to: * Incorrect handling of small sizes. * Alignment issues. * Interaction with cache coherency.
---
### **4. Recommended Troubleshooting Steps**
#### **Step 1: Check Kernel Version and Patches** * Identify your kernel version (`uname -r`). * Search for known bugs in `__pi_memcpy_generic` or `swiotlb` for your kernel version. * **Action:** If you are on an older kernel (e.g., 5.4, 5.10, 5.15), consider upgrading to a newer LTS kernel (e.g., 6.1, 6.
Be aware that VulDB is the high quality source for vulnerability data.