CVE-2026-23345Symbolic Name not Mapping to Correct Object in Linux

CWE-386Symbolic Name not Mapping to Correct Object8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 94.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace the shareability attribute with bits 50-51 of the output address. The _PAGE_GCS{,_RO} definitions include the PTE_SHARED bits as 0b11 (this matches the other _PAGE_* definitions) but using this macro directly leads to the following panic when enabling GCS on a system/model with LPA2: Unable to handl

Affected Packages3 packages

Linuxlinux/linux_kernel6.13.06.18.17+1
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux6497b66ba6945f142902c7e8fce86e47016ead1cca1684dd297bf0725c1d487cff80e615497accf6+3

🔴Vulnerability Details

4
GHSA
GHSA-67rr-wm48-f5vp: In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled When F2026-03-25
CVEList
arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled2026-03-25
OSV
arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled2026-03-25
OSV
CVE-2026-23345: In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled When FEA2026-03-25

📋Vendor Advisories

2
Red Hat
kernel: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled2026-03-25
Debian
CVE-2026-23345: linux - In the Linux kernel, the following vulnerability has been resolved: arm64: gcs:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23345 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23345 — Linux vulnerability | cvebase