CVE-2026-23107NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's sve_state before setting TIF_SME. Consequently, restoring a ZA context can place a task into an invalid state where TIF_SME is set but the task's sve_state is NULL. In legitimate but uncommon cases where the ZA signal context was NOT created by the kernel in the context of the same task (e.g. i

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel5.196.1.162+4
Debianlinux/linux_kernel< 6.1.162-1+2
CVEListV5linux/linux39782210eb7e87634d96cacb6ece370bc59d74bac5a5b150992ebab779c1ce54f54676786e47e94c+5

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2026-23107: In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore2026-02-04
GHSA
GHSA-7xwr-6p6c-h357: In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restor2026-02-04
CVEList
arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA2026-02-04

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel (arm64): Denial of Service via NULL pointer dereference in ZA signal context restoration2026-02-04
Debian
CVE-2026-23107: linux - In the Linux kernel, the following vulnerability has been resolved: arm64/fpsim...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23107 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23107 — NULL Pointer Dereference in Linux | cvebase