HOMEVULNERABILITIESCVE-2026-23114
NONE

CVE-2026-23114

Published: February 14, 2026· Updated: Feb 18, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:6.3th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

arm64/fpsimd: ptrace: Fix SVE writes on !SME systems

When SVE is supported but SME is not supported, a ptrace write to the

NT_ARM_SVE regset can place the tracee into an invalid state where

(non-streaming) SVE register data is stored in FP_STATE_SVE format but

TIF_SVE is clear. This can result in a later warning from

fpsimd_restore_current_state(), e.g.

WARNING: CPU: 0 PID: 7214 at arch/arm64/kernel/fpsimd.c:383 fpsimd_restore_current_state+0x50c/0x748

When this happens, fpsimd_restore_current_state() will set TIF_SVE,

placing the task into the correct state. This occurs before any other

check of TIF_SVE can possibly occur, as other checks of TIF_SVE only

happen while the FPSIMD/SVE/SME state is live. Thus, aside from the

warning, there is no functional issue.

This bug was introduced during rework to error handling in commit:

9f8bf718f2923 ("arm64/fpsimd: ptrace: Gracefully handle errors")

... where the setting of TIF_SVE was moved into a block which is only

executed when system_supports_sme() is true.

Fix this by removing the system_supports_sme() check. This ensures that

TIF_SVE is set for (SVE-formatted) writes to NT_ARM_SVE, at the cost of

unconditionally manipulating the tracee's saved svcr value. The

manipulation of svcr is benign and inexpensive, and we already do

similar elsewhere (e.g. during signal handling), so I don't think it's

worth guarding this with system_supports_sme() checks.

Aside from the above, there is no functional change. The 'type' argument

to sve_set_common() is only set to ARM64_VEC_SME (in ssve_set())) when

system_supports_sme(), so the ARM64_VEC_SME case in the switch statement

is still unreachable when !system_supports_sme(). When

CONFIG_ARM64_SME=n, the only caller of sve_set_common() is sve_set(),

and the compiler can constant-fold for the case where type is

ARM64_VEC_SVE, removing the logic for other cases.

NVD Source

Technical Analysis

CVE-2026-23114 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (2)

Quick Facts

CVE IDCVE-2026-23114
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedFeb 14, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23114 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.