PT-2026-6177 · Linux+1 · Linux Kernel+1
Published: 2026-01-01 · Updated: 2026-05-22
CVE-2026-23107
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.19.0-rc1
Description
The Linux kernel contains a flaw in the arm64/fpsimd component related to signal handling and the restoration of ZA (zeroed address space) contexts. The code responsible for restoring a ZA context fails to allocate storage for the task's sve_state before setting TIF_SME. This can lead to an invalid state where TIF_SME is set, but sve_state is NULL. In specific scenarios, such as when a task is saved and restored using CRIU, sve_state might not be pre-allocated. This allows a user-space process to enter streaming mode without triggering a trap, resulting in a subsequent NULL pointer dereference when the kernel attempts to store register state. The issue manifests as a kernel NULL pointer dereference, potentially leading to system instability.
Recommendations
Versions prior to 6.19.0-rc1 should be updated.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Ubuntu