CVE-2026-23425
In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix ID register initialization for non-protected pKVM guests

In protected mode, the hypervisor maintains a separate instance of the `kvm` structure for each VM. For non-protected VMs, this structure is initialized from the host's `kvm` state.

Currently, `pkvm_init_features_from_host()` copies the `KVM_ARCH_FLAG_ID_REGS_INITIALIZED` flag from the host without the underlying `id_regs` data being initialized. This results in the hypervisor seeing the flag as set while the ID registers remain zeroed.

Consequently, `kvm_has_feat()` checks at EL2 fail (return 0) for non-protected VMs. This breaks logic that relies on feature detection, such as `ctxt_has_tcrx()` for TCR2_EL1 support. As a result, certain system registers (e.g., TCR2_EL1, PIR_EL1, POR_EL1) are not saved/restored during the world switch, which could lead to state corruption.

Fix this by explicitly copying the ID registers from the host `kvm` to the hypervisor `kvm` for non-protected VMs during initialization, since we trust the host with its non-protected guests' features. Also ensure `KVM_ARCH_FLAG_ID_REGS_INITIALIZED` is cleared initially in `pkvm_init_features_from_host` so that `vm_copy_id_regs` can properly initialize them and set the flag once done.
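The flag/data mismatch described above, reduced to a user-space C model; this is an added example, not kernel code and not part of the original advisory. Every `model_*` name, the flag bit values, the register slot layout and the single-register world switch are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not the kernel's code. */
#define ID_REGS_INITIALIZED (1u << 0) /* stands in for KVM_ARCH_FLAG_ID_REGS_INITIALIZED */
#define OTHER_ARCH_FLAG     (1u << 1) /* some unrelated flag the host also sets */
#define TCRX_REG            0         /* model slot that holds the TCRX field */

struct model_kvm { uint32_t flags; uint64_t id_regs[2]; };

/* Stand-in for the kvm_has_feat()/ctxt_has_tcrx() check at EL2. */
static bool model_has_tcrx(const struct model_kvm *hyp)
{
    return (hyp->id_regs[TCRX_REG] & 0xf) != 0;
}

/* Model assumption: copy only while the flag is clear, then set it. */
static void model_copy_id_regs(struct model_kvm *hyp, const struct model_kvm *host)
{
    if (hyp->flags & ID_REGS_INITIALIZED)
        return;
    memcpy(hyp->id_regs, host->id_regs, sizeof(hyp->id_regs));
    hyp->flags |= ID_REGS_INITIALIZED;
}

/* Before the fix: flags copied wholesale, id_regs left zeroed. */
static void model_init_before(struct model_kvm *hyp, const struct model_kvm *host)
{
    memset(hyp, 0, sizeof(*hyp));
    hyp->flags = host->flags;
}

/* After the fix: clear the flag first, then copy the registers. */
static void model_init_after(struct model_kvm *hyp, const struct model_kvm *host)
{
    memset(hyp, 0, sizeof(*hyp));
    hyp->flags = host->flags & ~ID_REGS_INITIALIZED;
    model_copy_id_regs(hyp, host);
}

/* Guest exit then re-entry: TCR2 is saved/restored only if the check passes. */
static uint64_t model_tcr2_roundtrip(const struct model_kvm *hyp, uint64_t guest_val, uint64_t host_val)
{
    bool switched = model_has_tcrx(hyp);       /* is TCR2 part of the world switch? */
    uint64_t saved = switched ? guest_val : 0; /* save on guest exit */
    uint64_t hw = host_val;                    /* host runs with its own value */
    return switched ? saved : hw;              /* restore on guest entry, or not */
}
```

In the "before" path the model guest resumes with the host's register value, which is the state corruption the description refers to; in the "after" path it gets its own value back.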
EPSS 0.02% · 3.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 6.14, 6.14, 6.14 |
| Linux | Linux | 41d6028e28bd474298ff10409c292ec46cf43a90, 41d6028e28bd474298ff10409c292ec46cf43a90, 6.14 |
Timeline
- Apr 3, 2026 CVE Published
- Apr 3, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/bce3847f7c51b86332bf2e554c9e80ca3820f16c url
- https://git.kernel.org/stable/c/858620655c1fbff05997e162fc7d83a3293d5142 url
- https://git.kernel.org/stable/c/7e7c2cf0024d89443a7af52e09e47b1fe634ab17 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-23425 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261532-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621230-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261463-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261574-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261527-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621114-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261531-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261583-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261505-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621221-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621120-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621123-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261573-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261578-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621122-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261458-1 advisory
…and 18 more