A vulnerability, classified as critical, has been found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc1. The affected element is the function pkvm_init_features_from_host of the component KVM. The manipulation leads to improper initialization. This vulnerability is uniquely identified as CVE-2026-23425. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.
| Vendor | Product | Versions |
|---|---|---|
| linux | linux kernel | 41d6028e28bd474298ff10409c292ec46cf43a90, 41d6028e28bd474298ff10409c292ec46cf43a90, 41d6028e28bd474298ff10409c292ec46cf43a90, 6.14, 6.18.16, 6.19.6, 7.0-rc1 |
Updated severity to CRITICAL, added affected versions 6.18.16, 6.19.6, 7.0-rc1, and corrected exploit availability to false.
Initial creation
