CVE-2026-43201

EUVD-2026-27760
In the Linux kernel, the following vulnerability has been resolved:

APEI/GHES: ARM processor Error: don't go past allocated memory

If the BIOS generates a very small ARM Processor Error, or
an incomplete one, the current logic will fail to deferrence

	err->section_length
and
	ctx_info->size

Add checks to avoid that. With such changes, such GHESv2
records won't cause OOPSes like this:

[    1.492129] Internal error: Oops: 0000000096000005 [#1]  SMP
[    1.495449] Modules linked in:
[    1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT
[    1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022
[    1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred
[    1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[    1.497199] pc : log_arm_hw_error+0x5c/0x200
[    1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220

0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75).
70		err_info = (struct cper_arm_err_info *)(err + 1);
71		ctx_info = (struct cper_arm_ctx_info *)(err_info + err->err_info_num);
72		ctx_err = (u8 *)ctx_info;
73
74		for (n = 0; n < err->context_info_num; n++) {
75			sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size;
76			ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz);
77			ctx_len += sz;
78		}
79

and similar ones while trying to access section_length on an
error dump with too small size.

[ rjw: Subject tweaks ]
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.12.63 ≤
𝑥
< 6.12.75
linuxlinux_kernel
6.18.2 ≤
𝑥
< 6.18.16
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool6.12
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
bpftool6.12-debuginfo
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
bpftool6.18
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
bpftool6.18-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel-livepatch-6.12.77-99.140
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-livepatch-6.18.16-18.222
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel6.12
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-debuginfo
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-debuginfo-common-aarch64
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-debuginfo-common-x86_64
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-devel
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-headers
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-libbpf
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-libbpf-debuginfo
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-libbpf-devel
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-libbpf-static
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-modules-extra
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-modules-extra-common
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-tools
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-tools-debuginfo
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.12-tools-devel
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
kernel6.18
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-debuginfo-common-aarch64
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-debuginfo-common-x86_64
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-devel
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-headers
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-libbpf
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-libbpf-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-libbpf-devel
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-libbpf-static
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-modules-extra
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-modules-extra-common
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-tools
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-tools-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-tools-devel
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
perf6.12
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
perf6.12-debuginfo
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
perf6.18
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
perf6.18-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
python3-perf6.12
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
python3-perf6.12-debuginfo
Amazon Linux 2023
1:6.12.77-99.140.amzn2023
fixed
python3-perf6.18
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
python3-perf6.18-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
kernel
Azure Linux 3.0
0:6.6.137.1-2.azl3
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/136093ba4161e0080088abff48273f6830a47766
https://git.kernel.org/stable/c/242c652849d979d0133c315a42d9acea0ff88390
https://git.kernel.org/stable/c/87880af2d24e62a84ed19943dbdd524f097172f2
https://git.kernel.org/stable/c/db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd