CVE-2026-43201
Awaiting Analysis Awaiting Analysis - Queue
Memory Corruption in Linux Kernel APEI/GHES

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err->section_length and ctx_info->size Add checks to avoid that. With such changes, such GHESv2 records won't cause OOPSes like this: [ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP [ 1.495449] Modules linked in: [ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT [ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022 [ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred [ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1.497199] pc : log_arm_hw_error+0x5c/0x200 [ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220 0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75). 70 err_info = (struct cper_arm_err_info *)(err + 1); 71 ctx_info = (struct cper_arm_ctx_info *)(err_info + err->err_info_num); 72 ctx_err = (u8 *)ctx_info; 73 74 for (n = 0; n < err->context_info_num; n++) { 75 sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size; 76 ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz); 77 ctx_len += sz; 78 } 79 and similar ones while trying to access section_length on an error dump with too small size. [ rjw: Subject tweaks ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43201
EUVD
EUVD-2026-27760
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.18.0-rc1-00017-gabadcc3553dd-dirty
linux linux_kernel From 6.18.0-rc1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's handling of ARM processor errors reported via the APEI/GHES interface. Specifically, if the BIOS generates a very small or incomplete ARM Processor Error record, the kernel's current logic fails to properly check the sizes of certain error sections before accessing them. This can lead to attempts to access memory beyond what was allocated, causing kernel crashes (OOPSes). The issue arises because the code does not adequately verify the section_length and context_info size fields before dereferencing them.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash unexpectedly when processing certain ARM processor error records generated by the BIOS. Such crashes (kernel OOPSes) can lead to system instability, potential data loss, and downtime. Systems running vulnerable kernel versions on ARM architectures may experience reliability issues if exposed to malformed or incomplete hardware error reports.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as kernel OOPS errors related to ARM processor error handling in the Linux kernel. Detection involves monitoring system logs for specific error messages indicating internal errors or OOPSes caused by ARM processor error records.

  • Check kernel logs for messages similar to: "Internal error: Oops: 0000000096000005" or errors referencing functions like log_arm_hw_error or ghes_handle_arm_hw_error.
  • Use the command: dmesg | grep -i 'Oops' to filter kernel OOPS messages.
  • Use journalctl -k | grep -i 'arm_hw_error' to find hardware error logs related to ARM processor errors.
  • Monitor system logs in /var/log/kern.log or /var/log/messages for similar error patterns.

What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved by adding checks in the Linux kernel to avoid accessing memory beyond allocated sections when handling ARM processor errors. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.

  • Apply the latest Linux kernel updates or patches that address this specific ARM processor error handling issue.
  • If updating immediately is not possible, monitor for the described kernel OOPS errors and consider limiting workloads that trigger ARM processor error handling.
  • Review BIOS updates from your hardware vendor that might prevent generation of incomplete ARM processor error records.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart