PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23005 Linux CVE debrief

A vulnerability in the Linux kernel's x86/fpu component could allow a local attacker to cause a denial of service. The vulnerability is due to the failure to clear XSTATE_BV[i] in guest XSAVE state when XFD[i]=1. This could cause the kernel to attempt to load state for features that are disabled via the guest's XFD, resulting in a panic. The vulnerability is addressed in kernel versions 5.17.1, 6.1.162, 6.6.122, 6.7, 6.12.67, 6.13, 6.18.7, and later. The vulnerability can be triggered by a local attacker with access to the system, and it has a medium severity level. The vulnerability has been patched, and users are advised to update to the latest kernel version.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-25
Original CVE updated
2026-07-14
Advisory published
2026-01-25
Advisory updated
2026-07-14

Who should care

Administrators and users of Linux systems, particularly those using kernel versions prior to the patched versions, should be aware of this vulnerability and take steps to mitigate it. This includes updating to the latest kernel version, monitoring system logs for signs of exploitation, and implementing compensating controls.

Technical summary

The Linux kernel's x86/fpu component fails to clear XSTATE_BV[i] in guest XSAVE state when XFD[i]=1. This vulnerability allows a local attacker to cause a denial of service by triggering a kernel panic. The issue arises when the kernel attempts to load state for features disabled via the guest's XFD. The vulnerability is addressed in kernel versions 5.17.1, 6.1.162, 6.6.122, 6.7, 6.12.67, 6.13, 6.18.7, and later. It has a CVSS score of 5.5 and a medium severity level. To mitigate this vulnerability, administrators should update to the latest kernel version, monitor system logs for signs of exploitation, and implement compensating controls. The vulnerability can be triggered by a local attacker with access to the system.

Defensive priority

Medium

Recommended defensive actions

  • Apply patches from Linux kernel maintainers
  • Update to kernel versions 5.17.1, 6.1.162, 6.6.122, 6.7, 6.12.67, 6.13, 6.18.7, or later
  • Monitor system logs for signs of exploitation
  • Implement compensating controls, such as restricting access to sensitive resources
  • Review system configurations and ensure that they are in line with security best practices
  • Perform regular security audits and vulnerability assessments
  • Keep software and systems up-to-date with the latest security patches

Evidence notes

The vulnerability is documented in the Linux kernel's Git repository and has been assigned a CVE identifier. The NVD entry provides additional information on the vulnerability, including its CVSS score and affected products. The vulnerability has been patched, and users are advised to update to the latest kernel version.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-25T15:15:55.377Z and has not been modified since then.