What is CVE-2026-23425?

CVE-2026-23425 is a high-severity vulnerability in Linux. CVSS score: 8.8/10. Published 2026-04-03.

How severe is CVE-2026-23425?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Linux

CVE-2026-23425

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the `kvm` structure for each…

EPSS: 0.000 (3.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Linux — versions 41d6028e28bd474298ff10409c292ec46cf43a90, 6.14, 0

References

git.kernel.org/stable/c/bce3847f7c51b86332bf2e554c9e80ca3820f16c
git.kernel.org/stable/c/858620655c1fbff05997e162fc7d83a3293d5142
git.kernel.org/stable/c/7e7c2cf0024d89443a7af52e09e47b1fe634ab17

Frequently asked questions

What is CVE-2026-23425?: CVE-2026-23425 is a high-severity vulnerability in Linux. CVSS score: 8.8/10. Published 2026-04-03.
How severe is CVE-2026-23425?: High severity. CVSS v3 base score is 8.8 out of 10.