CVE-2026-23085

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Linux kernel related to memory address handling within the irqchip/gic-v3-its driver. On 32-bit machines with CONFIG ARM LPAE enabled, low memory allocations can be backed by physical memory addresses exceeding the 32-bit address limit. This can occur when experimenting with larger VMSPLIT configurations. The problem manifests as a crash in the qemu virt model due to the GICv3 driver allocating the 'itt' object using GFP KERNEL. The driver stores the physical address in a 32-bit unsigned long variable, leading to truncation when the address exceeds the 32-bit limit. The gicv5 driver uses u64 variables, and other irqchip drivers do not utilize virt to phys or similar interfaces. It is anticipated that similar issues may exist in other device drivers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.