CVE-2026-31590

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION<br /> <br /> Drop the WARN in sev_pin_memory() on npages overflowing an int, as the<br /> WARN is comically trivially to trigger from userspace, e.g. by doing:<br /> <br /> struct kvm_enc_region range = {<br /> .addr = 0,<br /> .size = -1ul,<br /> };<br /> <br /> __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &amp;range);<br /> <br /> Note, the checks in sev_mem_enc_register_region() that presumably exist to<br /> verify the incoming address+size are completely worthless, as both "addr"<br /> and "size" are u64s and SEV is 64-bit only, i.e. they _can&amp;#39;t_ be greater<br /> than ULONG_MAX. That wart will be cleaned up in the near future.<br /> <br /> if (range-&gt;addr &gt; ULONG_MAX || range-&gt;size &gt; ULONG_MAX)<br /> return -EINVAL;<br /> <br /> Opportunistically add a comment to explain why the code calculates the<br /> number of pages the "hard" way, e.g. instead of just shifting @ulen.