CVE-2026-23085

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> irqchip/gic-v3-its: Avoid truncating memory addresses<br /> <br /> On 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem<br /> allocations to be backed by addresses physical memory above the 32-bit<br /> address limit, as found while experimenting with larger VMSPLIT<br /> configurations.<br /> <br /> This caused the qemu virt model to crash in the GICv3 driver, which<br /> allocates the &amp;#39;itt&amp;#39; object using GFP_KERNEL. Since all memory below<br /> the 4GB physical address limit is in ZONE_DMA in this configuration,<br /> kmalloc() defaults to higher addresses for ZONE_NORMAL, and the<br /> ITS driver stores the physical address in a 32-bit &amp;#39;unsigned long&amp;#39;<br /> variable.<br /> <br /> Change the itt_addr variable to the correct phys_addr_t type instead,<br /> along with all other variables in this driver that hold a physical<br /> address.<br /> <br /> The gicv5 driver correctly uses u64 variables, while all other irqchip<br /> drivers don&amp;#39;t call virt_to_phys or similar interfaces. It&amp;#39;s expected that<br /> other device drivers have similar issues, but fixing this one is<br /> sufficient for booting a virtio based guest.