製品・ソフトウェアに関する情報

JVN脆弱性詳細

LinuxのLinux Kernelにおける不特定の脆弱性

Title	LinuxのLinux Kernelにおける不特定の脆弱性
Summary	Linuxカーネルにおいて、KVMのarm64アーキテクチャで非保護pKVMゲストのIDレジスタ初期化に関する脆弱性を修正しました。この問題は、非保護VMがホストのkvm状態からIDレジスタを正しくコピーしなかったため、機能検出に不整合が生じ、一部のシステムレジスタがワールドスイッチ時に保存・復元されずに状態破損を引き起こす可能性があったことによります。本修正では、非保護VM初期化時にホストからIDレジスタを明示的にコピーし、機能フラグを正しく設定することで問題を解消しています。
Possible impacts	当該ソフトウェアが扱う情報について、外部への漏えいは発生しません。また、当該ソフトウェアが扱う情報について、書き換えは発生しません。さらに、当該ソフトウェアが完全に停止する可能性があります。そして、この脆弱性を悪用した攻撃の影響は、他のソフトウェアには及びません。
Solution	リリース情報、またはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	April 3, 2026, midnight
Registration Date	April 27, 2026, 11:25 a.m.
Last Update	April 27, 2026, 11:25 a.m.

Affected System

Linux

Linux Kernel 6.14

Linux Kernel 6.14.1 以上 6.18.17 未満

Linux Kernel 6.19 以上 6.19.7 未満

Linux Kernel 7.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-23425	https://www.cve.org/CVERecord?id=CVE-2026-23425
National Vulnerability Database (NVD)
2	CVE-2026-23425	https://nvd.nist.gov/vuln/detail/CVE-2026-23425

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	Name	URL
関連文書
1	KVM: arm64: Fix ID register initialization for non-protected pKVM guests - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/7e7c2cf0024d89443a7af52e09e47b1fe634ab17)	https://git.kernel.org/stable/c/7e7c2cf0024d89443a7af52e09e47b1fe634ab17
2	KVM: arm64: Fix ID register initialization for non-protected pKVM guests - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/858620655c1fbff05997e162fc7d83a3293d5142)	https://git.kernel.org/stable/c/858620655c1fbff05997e162fc7d83a3293d5142
3	KVM: arm64: Fix ID register initialization for non-protected pKVM guests - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/bce3847f7c51b86332bf2e554c9e80ca3820f16c)	https://git.kernel.org/stable/c/bce3847f7c51b86332bf2e554c9e80ca3820f16c

Change Log

No	Changed Details	Date of change
1	[2026年04月27日] 掲載	April 27, 2026, 11:25 a.m.

NVD Vulnerability Information

CVE-2026-23425

Summary	In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the `kvm` structure for each VM. For non-protected VMs, this structure is initialized from the host's `kvm` state. Currently, `pkvm_init_features_from_host()` copies the `KVM_ARCH_FLAG_ID_REGS_INITIALIZED` flag from the host without the underlying `id_regs` data being initialized. This results in the hypervisor seeing the flag as set while the ID registers remain zeroed. Consequently, `kvm_has_feat()` checks at EL2 fail (return 0) for non-protected VMs. This breaks logic that relies on feature detection, such as `ctxt_has_tcrx()` for TCR2_EL1 support. As a result, certain system registers (e.g., TCR2_EL1, PIR_EL1, POR_EL1) are not saved/restored during the world switch, which could lead to state corruption. Fix this by explicitly copying the ID registers from the host `kvm` to the hypervisor `kvm` for non-protected VMs during initialization, since we trust the host with its non-protected guests' features. Also ensure `KVM_ARCH_FLAG_ID_REGS_INITIALIZED` is cleared initially in `pkvm_init_features_from_host` so that `vm_copy_id_regs` can properly initialize them and set the flag once done.
Publication Date	April 3, 2026, 11:16 p.m.
Registration Date	April 27, 2026, 12:21 p.m.
Last Update	April 24, 2026, 6:04 a.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource
1	https://git.kernel.org/stable/c/7e7c2cf0024d89443a7af52e09e47b1fe634ab17	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/858620655c1fbff05997e162fc7d83a3293d5142	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/bce3847f7c51b86332bf2e554c9e80ca3820f16c	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Common Vulnerabilities List