APEI/GHES: ARM processor Error: don't go past allocated memory

Summary

CVE	CVE-2026-43201
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-06 12:16:39 UTC
Updated	2026-05-11 20:20:33 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err->section_length and ctx_info->size Add checks to avoid that. With such changes, such GHESv2 records won't cause OOPSes like this: [ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP [ 1.495449] Modules linked in: [ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT [ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022 [ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred [ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1.497199] pc : log_arm_hw_error+0x5c/0x200 [ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220 0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75). 70 err_info = (struct cper_arm_err_info )(err + 1); 71 ctx_info = (struct cper_arm_ctx_info )(err_info + err->err_info_num); 72 ctx_err = (u8 )ctx_info; 73 74 for (n = 0; n < err->context_info_num; n++) { 75 sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size; 76 ctx_info = (struct cper_arm_ctx_info )((long)ctx_info + sz); 77 ctx_len += sz; 78 } 79 and similar ones while trying to access section_length on an error dump with too small size. [ rjw: Subject tweaks ]

Risk And Classification

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem Types: NVD-CWE-noinfo

CVSS v3.1 Breakdown

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 2599ad5e33b629a78a14a463a51afa134e9c5b15 242c652849d979d0133c315a42d9acea0ff88390 git	Not specified
CNA	Linux	Linux	affected 22b5096abc9824fb84f0bfe084f5be9f7ea5f2d9 136093ba4161e0080088abff48273f6830a47766 git	Not specified
CNA	Linux	Linux	affected 05954511b73e748d0370549ad9dd9cd95297d97a db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd git	Not specified
CNA	Linux	Linux	affected 05954511b73e748d0370549ad9dd9cd95297d97a 87880af2d24e62a84ed19943dbdd524f097172f2 git	Not specified
CNA	Linux	Linux	affected 0aa7b12eaa87cd6ffa25d432d3c58986516f8b1c git	Not specified
CNA	Linux	Linux	affected 6.19	Not specified
CNA	Linux	Linux	unaffected 6.19 semver	Not specified
CNA	Linux	Linux	unaffected 6.12.75 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.16 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.6 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/242c652849d979d0133c315a42d9acea0ff88390	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/87880af2d24e62a84ed19943dbdd524f097172f2	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/136093ba4161e0080088abff48273f6830a47766	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.