{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "73f91b004321f2510fa79e66035dbbf1870fcf56"
            },
            {
              "fixed": "31a9d9f9942885aae356a1a57c79e82c5b5b0828"
            },
            {
              "fixed": "a99a25db131ece5e6c0f7632da606de631efe4f2"
            },
            {
              "fixed": "11b8ff5b930b351dd1f6f088dce0beb027ac92d0"
            },
            {
              "fixed": "b22a2da8792a7bfe743c1a922e77fa499ddedbe8"
            },
            {
              "fixed": "e7216651b94e92e5433fb2f54b77864642b4ea48"
            },
            {
              "fixed": "16d990a15491cf76cd6eef0846e1b4100e63261a"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.1.175"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.141"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.91"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.33"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "7.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52968.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic\n\nkvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and\naen_host_forward() index the GAIT by manually multiplying the index\nwith sizeof(struct zpci_gaite).\n\nSince aift-\u003egait is already a struct zpci_gaite pointer, this\ndouble-scales the offset, accessing element aisb*16 instead of aisb.\n\nThis causes out-of-bounds accesses when aisb \u003e= 32 (with\nZPCI_NR_DEVICES=512)\n\nFix by removing the erroneous sizeof multiplication.",
  "id": "CVE-2026-52968",
  "modified": "2026-07-12T03:54:36.635873365Z",
  "published": "2026-06-24T16:28:47.438Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11b8ff5b930b351dd1f6f088dce0beb027ac92d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16d990a15491cf76cd6eef0846e1b4100e63261a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31a9d9f9942885aae356a1a57c79e82c5b5b0828"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a99a25db131ece5e6c0f7632da606de631efe4f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b22a2da8792a7bfe743c1a922e77fa499ddedbe8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7216651b94e92e5433fb2f54b77864642b4ea48"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52968.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52968"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic"
}