PT-2026-4667 · Linux+2 · Linux Kernel+2
Published: 2025-12-31 · Updated: 2026-06-04
CVE-2026-23005
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.19.0-rc2-ffa07f7fd437-x86 amx nm xfd non init-vm
Description
The Linux kernel contains a flaw in the handling of XSTATE_BV and XFD when guest XSAVE state is loaded via KVM_SET_XSAVE. Specifically, the kernel did not clear XSTATE_BV[i] when XFD[i]=1, potentially leading to a #NM (Device Not Available) exception and kernel panic if the guest executes WRMSR(MSR_IA32_XFD) to set XFD[18] = 1, and a host interrupt triggers kernel_fpu_begin() before the vmexit handler calls fpu_update_guest_xfd(). The issue can also occur when userspace provides XSTATE_BV[i]=1 via KVM_SET_XSAVE. The root cause is an inconsistency between the XFD and XSTATE_BV values, which can occur during interrupts or preemption on preemptible kernels. The corrected behavior aligns with the Intel Software Developer's Manual, which specifies that XSAVE should save XSTATE_BV as '0' for components disabled via XFD.
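The invariant stated above (XSTATE_BV[i] must be 0 wherever XFD[i]=1), as an added example that is not the kernel's code or part of the original advisory: a user-space C model that checks and repairs an XSAVE image before it would be loaded. The helper names and the sample values are assumptions; the header offset follows the XSAVE area layout in the Intel SDM.

```c
#include <stddef.h>
#include <stdint.h>

/* XSAVE header: byte 512 of the area, 64 bytes long; XSTATE_BV is its first 8 bytes. */
#define XSAVE_HDR_OFFSET 512
#define XSAVE_MIN_SIZE   (XSAVE_HDR_OFFSET + 64)

/* Byte-wise little-endian access, so the buffer needs no alignment. */
static uint64_t read_xstate_bv(const uint8_t *area)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | area[XSAVE_HDR_OFFSET + i];
    return v;
}

static void write_xstate_bv(uint8_t *area, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        area[XSAVE_HDR_OFFSET + i] = (uint8_t)(v >> (8 * i));
}

/* Hypothetical helper (not a kernel function): enforce XSTATE_BV[i] == 0
 * wherever XFD[i] == 1 on a supplied XSAVE image. Stores the mask of bits it
 * had to clear in *cleared. Returns 0 on success, -1 on a bad or short buffer. */
int sanitize_xstate_bv(uint8_t *area, size_t len, uint64_t xfd, uint64_t *cleared)
{
    if (area == NULL || cleared == NULL || len < XSAVE_MIN_SIZE)
        return -1;
    uint64_t bv = read_xstate_bv(area);
    *cleared = bv & xfd;            /* marked in use but disabled via XFD */
    if (*cleared)
        write_xstate_bv(area, bv & ~xfd);
    return 0;
}

/* Constructed sample: components 0-2 and 18 in use while XFD[18] = 1. */
uint64_t demo_sanitized_bv(void)
{
    uint8_t area[XSAVE_MIN_SIZE] = {0};
    uint64_t cleared = 0;
    write_xstate_bv(area, (1ULL << 18) | 0x7);
    if (sanitize_xstate_bv(area, sizeof(area), 1ULL << 18, &cleared) != 0)
        return UINT64_MAX;
    return cleared == (1ULL << 18) ? read_xstate_bv(area) : UINT64_MAX;
}

int main(void) { return demo_sanitized_bv() == 0x7 ? 0 : 1; }
```

A non-zero `cleared` mask is the condition worth logging: it means the supplied state claimed a component was in use while XFD had it disabled.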
Recommendations
Update to a version of the Linux kernel newer than 6.19.0-rc2-ffa07f7fd437-x86 amx nm xfd non init-vm.
Exploit
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu