CVE-2026-43171
Awaiting Analysis Awaiting Analysis - Queue
EFI/CPER Memory Dump Flaw in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't dump the entire memory region The current logic at cper_print_fw_err() doesn't check if the error record length is big enough to handle offset. On a bad firmware, if the ofset is above the actual record, length -= offset will underflow, making it dump the entire memory. The end result can be: - the logic taking a lot of time dumping large regions of memory; - data disclosure due to the memory dumps; - an OOPS, if it tries to dump an unmapped memory region. Fix it by checking if the section length is too small before doing a hex dump. [ rjw: Subject tweaks ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43171
EUVD
EUVD-2026-27730
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's EFI/CPER error handling logic, specifically in the function cper_print_fw_err(). The function does not properly check if the error record length is sufficient to handle an offset value. If the firmware is faulty and provides an offset that is larger than the actual error record, a length underflow occurs (length minus offset), causing the system to dump the entire memory region.

This improper handling can lead to excessive memory dumping, potentially exposing sensitive data or causing system instability.

Impact Analysis

The vulnerability can impact you in several ways:

  • The system may spend a lot of time dumping large regions of memory, leading to performance degradation.
  • Sensitive data could be disclosed due to the memory dumps, potentially exposing confidential information.
  • An OOPS (kernel crash) may occur if the system attempts to dump an unmapped memory region, causing instability or downtime.
Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the fix has been applied. The fix involves checking if the section length is sufficient before performing a hex dump in the EFI/CPER error handling logic, preventing memory underflow and large memory dumps.

Avoid running untrusted or bad firmware that could trigger this issue, as it causes excessive memory dumping and potential data disclosure.

Compliance Impact

This vulnerability can lead to data disclosure due to memory dumps caused by improper handling of error record lengths in the Linux kernel's EFI/CPER component.

Such unintended data disclosure could potentially impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information from unauthorized access or leaks.

However, the provided information does not explicitly discuss compliance implications or specific regulatory impacts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43171. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart