Zero Day Monitor (ZDM)
CVE-2026-23425 (PATCHED)
linux · linux kernel

KVM: arm64: Fix ID register initialization for non-protected pKVM guests

Description

A vulnerability, classified as critical, has been found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc1. The affected element is the function pkvm_init_features_from_host of the component KVM. The manipulation leads to improper initialization. This vulnerability is uniquely identified as CVE-2026-23425. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

Affected Products

Vendor: linux
Product: linux kernel
Versions: 41d6028e28bd474298ff10409c292ec46cf43a90, 41d6028e28bd474298ff10409c292ec46cf43a90, 41d6028e28bd474298ff10409c292ec46cf43a90, 6.14, 6.18.16, 6.19.6, 7.0-rc1

References

  • https://git.kernel.org/stable/c/bce3847f7c51b86332bf2e554c9e80ca3820f16c
  • https://git.kernel.org/stable/c/858620655c1fbff05997e162fc7d83a3293d5142
  • https://git.kernel.org/stable/c/7e7c2cf0024d89443a7af52e09e47b1fe634ab17

Related News (2 articles)

  • VulDB (Tier C, 4h ago): CVE-2026-23425 | Linux Kernel up to 6.18.16/6.19.6/7.0-rc1 KVM pkvm_init_features_from_host initialization
    → No new info (linked only)
  • Linux Kernel CVEs (Tier C, 5h ago): CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests
    → No new info (linked only)

CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: bce3847f7c51b86332bf2e554c9e80ca3820f16c, 858620655c1fbff05997e162fc7d83a3293d5142, 7e7c2cf0024d89443a7af52e09e47b1fe634ab17, 0, 6.18.17, 6.19.7, 7.0-rc2
Published: Apr 3, 2026
Last enriched: 3h ago (v2)
Trending Score: 41
Source articles: 2
Independent: 2
Info Completeness: 7/14
Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2026-31393 · EXP · Trending: 61
    Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access
  • CRITICAL · CVE-2026-31397 · EXP · Trending: 61
    mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()
  • CRITICAL · CVE-2026-23463 · EXP · Trending: 61
    soc: fsl: qbman: fix race condition in qman_destroy_fq
  • CRITICAL · CVE-2026-23472 · EXP · Trending: 61
    serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
  • CRITICAL · CVE-2026-23467 · EXP · Trending: 61
    drm/i915/dmc: Fix an unlikely NULL pointer deference at probe

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Apr 3, 2026
  • Discovered by ZDM: Apr 3, 2026
  • Patch Available: Apr 3, 2026
  • Updated: description, affectedVersions, severity: Apr 3, 2026

Version History

v2 (Tier C, 3h ago, via VulDB)

Updated severity to CRITICAL, added affected versions 6.18.16, 6.19.6, 7.0-rc1, and corrected exploit availability to false.

Updated: description, affectedVersions, severity

v1 (4h ago)

Initial creation