CVE-2026-23425

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue in KVM for arm64 systems related to the initialization of ID registers for non-protected pKVM guests. The hypervisor incorrectly copies the KVM ARCH FLAG ID REGS INITIALIZED flag from the host without initializing the underlying id regs data. This causes feature detection checks at EL2 to fail, impacting logic that relies on feature detection, such as ctxt has tcrx() for TCR2 EL1 support. As a result, system registers like TCR2 EL1, PIR EL1, and POR EL1 may not be saved or restored during world switches, potentially leading to state corruption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.