{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T22:28:06.334","vulnerabilities":[{"cve":{"id":"CVE-2026-23085","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-04T17:16:19.363","lastModified":"2026-03-17T21:10:24.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Avoid truncating memory addresses\n\nOn 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem\nallocations to be backed by addresses physical memory above the 32-bit\naddress limit, as found while experimenting with larger VMSPLIT\nconfigurations.\n\nThis caused the qemu virt model to crash in the GICv3 driver, which\nallocates the 'itt' object using GFP_KERNEL. Since all memory below\nthe 4GB physical address limit is in ZONE_DMA in this configuration,\nkmalloc() defaults to higher addresses for ZONE_NORMAL, and the\nITS driver stores the physical address in a 32-bit 'unsigned long'\nvariable.\n\nChange the itt_addr variable to the correct phys_addr_t type instead,\nalong with all other variables in this driver that hold a physical\naddress.\n\nThe gicv5 driver correctly uses u64 variables, while all other irqchip\ndrivers don't call virt_to_phys or similar interfaces. It's expected that\nother device drivers have similar issues, but fixing this one is\nsufficient for booting a virtio based guest."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nirqchip/gic-v3-its: Evitar la truncación de direcciones de memoria\n\nEn máquinas de 32 bits con CONFIG_ARM_LPAE, es posible que las asignaciones de memoria baja estén respaldadas por direcciones de memoria física por encima del límite de direcciones de 32 bits, como se descubrió al experimentar con configuraciones VMSPLIT más grandes.\n\nEsto causó que el modelo virt de qemu colapsara en el controlador GICv3, que asigna el objeto 'itt' usando GFP_KERNEL. Dado que toda la memoria por debajo del límite de direcciones físicas de 4 GB está en ZONE_DMA en esta configuración, kmalloc() por defecto utiliza direcciones más altas para ZONE_NORMAL, y el controlador ITS almacena la dirección física en una variable 'unsigned long' de 32 bits.\n\nCambiar la variable itt_addr al tipo correcto phys_addr_t en su lugar, junto con todas las demás variables en este controlador que contienen una dirección física.\n\nEl controlador gicv5 utiliza correctamente variables u64, mientras que todos los demás controladores irqchip no llaman a virt_to_phys o interfaces similares. Se espera que otros controladores de dispositivos tengan problemas similares, pero solucionar este es suficiente para arrancar un invitado basado en virtio."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19","versionEndExcluding":"5.10.249","matchCriteriaId":"B2D727D1-8078-464E-B5EA-519FA082EFD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.199","matchCriteriaId":"A247FBA6-BEB9-484F-B892-DD5517949CCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.162","matchCriteriaId":"6579E0D4-0641-479D-A4C3-0EF618798C55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.122","matchCriteriaId":"8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.68","matchCriteriaId":"52F38E19-0FDD-4992-9D6D-D4169D689598"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.8","matchCriteriaId":"E65C6E79-7EBE-4C77-93F0-818CF5B38F4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03faa61eb4b9ca9aa09bd91d4c3773d8e7b1ac98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/084ba3b99f2dfd991ce7e84fb17117319ec3cd9f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1b323391560354d8c515de8658b057a1daa82adb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85215d633983233809f7d4dad163b953331b8238","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d76a7d89c12d08382b66e2f21f20d0627d14859","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2f9c751f73a2d5bb62d94ab030aec118a811f27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e332b3b69e5b3acf07204a4b185071bab15c2b88","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}