Home

Description

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err->section_length and ctx_info->size Add checks to avoid that. With such changes, such GHESv2 records won't cause OOPSes like this: [ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP [ 1.495449] Modules linked in: [ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT [ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022 [ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred [ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1.497199] pc : log_arm_hw_error+0x5c/0x200 [ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220 0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75). 70 err_info = (struct cper_arm_err_info *)(err + 1); 71 ctx_info = (struct cper_arm_ctx_info *)(err_info + err->err_info_num); 72 ctx_err = (u8 *)ctx_info; 73 74 for (n = 0; n < err->context_info_num; n++) { 75 sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size; 76 ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz); 77 ctx_len += sz; 78 } 79 and similar ones while trying to access section_length on an error dump with too small size. [ rjw: Subject tweaks ]

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-07 | Assigner Linux

Product status

Default status
unaffected

2599ad5e33b629a78a14a463a51afa134e9c5b15 (git) before 242c652849d979d0133c315a42d9acea0ff88390
affected

22b5096abc9824fb84f0bfe084f5be9f7ea5f2d9 (git) before 136093ba4161e0080088abff48273f6830a47766
affected

05954511b73e748d0370549ad9dd9cd95297d97a (git) before db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd
affected

05954511b73e748d0370549ad9dd9cd95297d97a (git) before 87880af2d24e62a84ed19943dbdd524f097172f2
affected

0aa7b12eaa87cd6ffa25d432d3c58986516f8b1c (git)
affected

Default status
affected

6.19
affected

Any version before 6.19
unaffected

6.12.75 (semver)
unaffected

6.18.16 (semver)
unaffected

6.19.6 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/242c652849d979d0133c315a42d9acea0ff88390

git.kernel.org/...c/136093ba4161e0080088abff48273f6830a47766

git.kernel.org/...c/db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd

git.kernel.org/...c/87880af2d24e62a84ed19943dbdd524f097172f2

cve.org (CVE-2026-43201)

nvd.nist.gov (CVE-2026-43201)

Download JSON