CVE-2026-31628

// PoC for CVE-2026-31628 (Conceptual) // This code demonstrates the context required to leak divider state. #include <stdio.h> #include <pthread.h> #include <unistd.h> // Simulate a victim thread performing division void* victim_func(void* arg) { volatile double result = 12345.67 / 89.0; // The hardware divider may hold residue of this operation printf("[Victim] Performed division."); return NULL; } // Simulate an attacker thread trying to read residue void* attacker_func(void* arg) { // Attempt to perform division and check for timing/state anomalies // indicating leakage from the victim thread. volatile double probe = 0.0; // In a real exploit, specific microarchitectural probing would occur here. printf("[Attacker] Probing hardware divider state..."); return NULL; } int main() { pthread_t v, a; // Run threads on the same core to exploit the hardware flaw pthread_create(&v, NULL, victim_func, NULL); pthread_join(v, NULL); pthread_create(&a, NULL, attacker_func, NULL); pthread_join(a, NULL); return 0; }

{"cve": {"id": "CVE-2026-31628", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-04-24T15:16:42.103", "lastModified": "2026-04-27T20:40:46.773", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU: Fix FPDSS on Zen1\n\nZen1's hardware divider can leave, under certain circumstances, partial\nresults from previous operations. Those results can be leaked by\nanother, attacker thread.\n\nFix that with a chicken bit."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16.58", "versionEndExcluding": "3.17", "matchCriteriaId": "C1981AEB-4867-4AB9-8168-BAB8D6567131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.144", "versionEndExcluding": "4.5", "matchCriteriaId": "7E307C3F-E33B-4061-B210-F031D88F5C6E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.102", "versionEndExcluding": "4.10", "matchCriteriaId": "96373A7C-EBC6-4D06-941C-481E7B24579D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.1", "versionEndExcluding": "5.10.253", "matchCriteriaId": "A6FC7EE9-71F9-4ACC-9566-0299D47F2B4A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.203", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.169", "matchCriteriaId": "DBEC0E5D-641C-4E98-A6D9-5799B10CE451"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.6.135", "matchCriteriaId": "15C1A1B2-14EE-494C-AF3E-D5A7BA640B39"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.82", "matchCriteriaId": "02904CAE-71D2-45B3-9EC3-F6A9D18B6307"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.23", "matchCriteriaId": "E9E09FDD-9EE3-4A56-92E2-2B30AFD0072F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.13", "matchCriteriaId": "1490EF9B-9080-481C-8D22-1306AAE664E4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.0.1", "matchCriteriaId": "9B5888AB-7403-4335-89E4-21CC0B48366A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:4.14:-:*:*:*:*:*:*", "matchCriteriaId": "7875AA30-1F6F-470C-A52D-ECBD6663CEC5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0548529af20e68c6552817834b766646dd3bd7a7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/1272cfedf4cd1019ddf583917a99b62f2d3645bb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/546785c719418c6166834a47e372a88f5f7ae893", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/91f02726b2203b71545713ecb7fb006e60a2d66f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/ad17f07e95e6e8505e2153e5b391f0d27eacce25", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/b731aca06387b195058a9f6449a03b62efa1bd10", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/e55d98e7756135f32150b9b8f75d580d0d4b2dd3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/e6af5286efe5a56128b34032572c9ce9ebeccda3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/ed7a3a246309ccc807238f1b4f ... (truncated)