PatchSiren cyber security CVE debrief
CVE-2026-23005 Linux CVE debrief
A vulnerability in the Linux kernel's x86/fpu component could allow a local attacker to cause a denial of service. The vulnerability is due to the failure to clear XSTATE_BV[i] in guest XSAVE state when XFD[i]=1. This could cause the kernel to attempt to load state for features that are disabled via the guest's XFD, resulting in a panic. The vulnerability is addressed in kernel versions 5.17.1, 6.1.162, 6.6.122, 6.7, 6.12.67, 6.13, 6.18.7, and later. The vulnerability can be triggered by a local attacker with access to the system, and it has a medium severity level. The vulnerability has been patched, and users are advised to update to the latest kernel version.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-25
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-01-25
- Advisory updated
- 2026-07-14
Who should care
Administrators and users of Linux systems, particularly those using kernel versions prior to the patched versions, should be aware of this vulnerability and take steps to mitigate it. This includes updating to the latest kernel version, monitoring system logs for signs of exploitation, and implementing compensating controls.
Technical summary
The Linux kernel's x86/fpu component fails to clear XSTATE_BV[i] in guest XSAVE state when XFD[i]=1. This vulnerability allows a local attacker to cause a denial of service by triggering a kernel panic. The issue arises when the kernel attempts to load state for features disabled via the guest's XFD. The vulnerability is addressed in kernel versions 5.17.1, 6.1.162, 6.6.122, 6.7, 6.12.67, 6.13, 6.18.7, and later. It has a CVSS score of 5.5 and a medium severity level. To mitigate this vulnerability, administrators should update to the latest kernel version, monitor system logs for signs of exploitation, and implement compensating controls. The vulnerability can be triggered by a local attacker with access to the system.
Defensive priority
Medium
Recommended defensive actions
- Apply patches from Linux kernel maintainers
- Update to kernel versions 5.17.1, 6.1.162, 6.6.122, 6.7, 6.12.67, 6.13, 6.18.7, or later
- Monitor system logs for signs of exploitation
- Implement compensating controls, such as restricting access to sensitive resources
- Review system configurations and ensure that they are in line with security best practices
- Perform regular security audits and vulnerability assessments
- Keep software and systems up-to-date with the latest security patches
Evidence notes
The vulnerability is documented in the Linux kernel's Git repository and has been assigned a CVE identifier. The NVD entry provides additional information on the vulnerability, including its CVSS score and affected products. The vulnerability has been patched, and users are advised to update to the latest kernel version.
Official resources
-
CVE-2026-23005 CVE record
CVE.org
-
CVE-2026-23005 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-25T15:15:55.377Z and has not been modified since then.