CVE-2026-43201 (GCVE-0-2026-43201)
Vulnerability from cvelistv5
Published
2026-05-06 11:28
Modified
2026-05-23 16:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
APEI/GHES: ARM processor Error: don't go past allocated memory
If the BIOS generates a very small ARM Processor Error, or
an incomplete one, the current logic will fail to deferrence
err->section_length
and
ctx_info->size
Add checks to avoid that. With such changes, such GHESv2
records won't cause OOPSes like this:
[ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP
[ 1.495449] Modules linked in:
[ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT
[ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022
[ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred
[ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1.497199] pc : log_arm_hw_error+0x5c/0x200
[ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220
0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75).
70 err_info = (struct cper_arm_err_info *)(err + 1);
71 ctx_info = (struct cper_arm_ctx_info *)(err_info + err->err_info_num);
72 ctx_err = (u8 *)ctx_info;
73
74 for (n = 0; n < err->context_info_num; n++) {
75 sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size;
76 ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz);
77 ctx_len += sz;
78 }
79
and similar ones while trying to access section_length on an
error dump with too small size.
[ rjw: Subject tweaks ]
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2599ad5e33b629a78a14a463a51afa134e9c5b15 Version: 22b5096abc9824fb84f0bfe084f5be9f7ea5f2d9 Version: 05954511b73e748d0370549ad9dd9cd95297d97a Version: 05954511b73e748d0370549ad9dd9cd95297d97a Version: 0aa7b12eaa87cd6ffa25d432d3c58986516f8b1c Version: 6.12.63 ≤ Version: 6.18.2 ≤ Version: 6.17.13 ≤ |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/apei/ghes.c",
"drivers/ras/ras.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "242c652849d979d0133c315a42d9acea0ff88390",
"status": "affected",
"version": "2599ad5e33b629a78a14a463a51afa134e9c5b15",
"versionType": "git"
},
{
"lessThan": "136093ba4161e0080088abff48273f6830a47766",
"status": "affected",
"version": "22b5096abc9824fb84f0bfe084f5be9f7ea5f2d9",
"versionType": "git"
},
{
"lessThan": "db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd",
"status": "affected",
"version": "05954511b73e748d0370549ad9dd9cd95297d97a",
"versionType": "git"
},
{
"lessThan": "87880af2d24e62a84ed19943dbdd524f097172f2",
"status": "affected",
"version": "05954511b73e748d0370549ad9dd9cd95297d97a",
"versionType": "git"
},
{
"status": "affected",
"version": "0aa7b12eaa87cd6ffa25d432d3c58986516f8b1c",
"versionType": "git"
},
{
"lessThan": "6.12.75",
"status": "affected",
"version": "6.12.63",
"versionType": "semver"
},
{
"lessThan": "6.18.16",
"status": "affected",
"version": "6.18.2",
"versionType": "semver"
},
{
"lessThan": "6.18",
"status": "affected",
"version": "6.17.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/apei/ghes.c",
"drivers/ras/ras.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.19"
},
{
"lessThan": "6.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.75",
"versionStartIncluding": "6.12.63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.16",
"versionStartIncluding": "6.18.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.6",
"versionStartIncluding": "6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.17.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nAPEI/GHES: ARM processor Error: don\u0027t go past allocated memory\n\nIf the BIOS generates a very small ARM Processor Error, or\nan incomplete one, the current logic will fail to deferrence\n\n\terr-\u003esection_length\nand\n\tctx_info-\u003esize\n\nAdd checks to avoid that. With such changes, such GHESv2\nrecords won\u0027t cause OOPSes like this:\n\n[ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP\n[ 1.495449] Modules linked in:\n[ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT\n[ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022\n[ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred\n[ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 1.497199] pc : log_arm_hw_error+0x5c/0x200\n[ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220\n\n0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75).\n70\t\terr_info = (struct cper_arm_err_info *)(err + 1);\n71\t\tctx_info = (struct cper_arm_ctx_info *)(err_info + err-\u003eerr_info_num);\n72\t\tctx_err = (u8 *)ctx_info;\n73\n74\t\tfor (n = 0; n \u003c err-\u003econtext_info_num; n++) {\n75\t\t\tsz = sizeof(struct cper_arm_ctx_info) + ctx_info-\u003esize;\n76\t\t\tctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz);\n77\t\t\tctx_len += sz;\n78\t\t}\n79\n\nand similar ones while trying to access section_length on an\nerror dump with too small size.\n\n[ rjw: Subject tweaks ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:06:29.674Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/242c652849d979d0133c315a42d9acea0ff88390"
},
{
"url": "https://git.kernel.org/stable/c/136093ba4161e0080088abff48273f6830a47766"
},
{
"url": "https://git.kernel.org/stable/c/db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd"
},
{
"url": "https://git.kernel.org/stable/c/87880af2d24e62a84ed19943dbdd524f097172f2"
}
],
"title": "APEI/GHES: ARM processor Error: don\u0027t go past allocated memory",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-43201",
"datePublished": "2026-05-06T11:28:07.565Z",
"dateReserved": "2026-05-01T14:12:55.992Z",
"dateUpdated": "2026-05-23T16:06:29.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…