Home

Description

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the section_length is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM processor CPER record stating that a section length is big, kernel will blindly trust section_length, producing a very long dump. For instance, a 67 bytes record with ERR_INFO_NUM set 46198 and section length set to 854918320 would dump a lot of data going a way past the firmware memory-mapped area. Fix it by adding a logic to prevent it to go past the buffer if ERR_INFO_NUM is too big, making it report instead: [Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 1 [Hardware Error]: event severity: recoverable [Hardware Error]: Error 0, type: recoverable [Hardware Error]: section_type: ARM processor error [Hardware Error]: MIDR: 0xff304b2f8476870a [Hardware Error]: section length: 854918320, CPER size: 67 [Hardware Error]: section length is too big [Hardware Error]: firmware-generated error record is incorrect [Hardware Error]: ERR_INFO_NUM is 46198 [ rjw: Subject and changelog tweaks ]

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-07 | Assigner Linux

Product status

Default status
unaffected

2f74f09bce4f8d0236f20174a6daae63e10fe733 (git) before c80113dcfc807308f5ab33847fae77e07531aeb8
affected

2f74f09bce4f8d0236f20174a6daae63e10fe733 (git) before ca2aad8771aa9091bc9e42e7d546bd40b72ddcd4
affected

2f74f09bce4f8d0236f20174a6daae63e10fe733 (git) before a68d22902a6916e10ee235fee609239004e129d0
affected

2f74f09bce4f8d0236f20174a6daae63e10fe733 (git) before 64eb63f573f497553e1a0c388bbcdd639e0f0704
affected

2f74f09bce4f8d0236f20174a6daae63e10fe733 (git) before be10c1bdf64a39832998f54900aa309b3917abcf
affected

2f74f09bce4f8d0236f20174a6daae63e10fe733 (git) before 25b290624b0e3d2f0f90238709ee0b6009b9fde8
affected

2f74f09bce4f8d0236f20174a6daae63e10fe733 (git) before 45766863baf899059e75595dd3cb1116467f2095
affected

2f74f09bce4f8d0236f20174a6daae63e10fe733 (git) before eae21beecb95a3b69ee5c38a659f774e171d730e
affected

Default status
affected

4.13
affected

Any version before 4.13
unaffected

5.10.252 (semver)
unaffected

5.15.202 (semver)
unaffected

6.1.165 (semver)
unaffected

6.6.128 (semver)
unaffected

6.12.75 (semver)
unaffected

6.18.16 (semver)
unaffected

6.19.6 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/c80113dcfc807308f5ab33847fae77e07531aeb8

git.kernel.org/...c/ca2aad8771aa9091bc9e42e7d546bd40b72ddcd4

git.kernel.org/...c/a68d22902a6916e10ee235fee609239004e129d0

git.kernel.org/...c/64eb63f573f497553e1a0c388bbcdd639e0f0704

git.kernel.org/...c/be10c1bdf64a39832998f54900aa309b3917abcf

git.kernel.org/...c/25b290624b0e3d2f0f90238709ee0b6009b9fde8

git.kernel.org/...c/45766863baf899059e75595dd3cb1116467f2095

git.kernel.org/...c/eae21beecb95a3b69ee5c38a659f774e171d730e

cve.org (CVE-2026-43266)

nvd.nist.gov (CVE-2026-43266)

Download JSON