CVE-2026-23425: Missing Initialization of Resource in Linux

Severity: 5.3 MEDIUM (No vector)
EPSS: 0.0% (top 94.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix ID register initialization for non-protected pKVM guests

In protected mode, the hypervisor maintains a separate instance of the `kvm` structure for each VM. For non-protected VMs, this structure is initialized from the host's `kvm` state. Currently, `pkvm_init_features_from_host()` copies the `KVM_ARCH_FLAG_ID_REGS_INITIALIZED` flag from the host without the underlying `id_regs` data being initialized. This re

Affected Packages (2 packages)

Debian: linux/linux_kernel < 6.19.8-1
CVEListV5: linux/linux 41d6028e28bd474298ff10409c292ec46cf43a90 bce3847f7c51b86332bf2e554c9e80ca3820f16c +3

🔴 Vulnerability Details (3)

CVEList: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (2026-04-03)
GHSA: GHSA-23qp-f5g5-j76h: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In prot (2026-04-03)
OSV: CVE-2026-23425: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protec (2026-04-03)

📋 Vendor Advisories (2)

Red Hat: kernel: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (2026-04-03)
Debian: CVE-2026-23425: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64:... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23425 Impact, Exploitability, and Mitigation Steps | Wiz