CVE-2026-43266
Buffer Overflow in Linux Kernel EFI/CPER Handling
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's handling of ARM processor CPER (Common Platform Error Record) records within the EFI/CPER subsystem.
The issue arises because the kernel trusts the section_length field in the CPER record without checking whether it is too large. A check exists for a section_length that is too small, but there is none for one that is excessively large.
An attacker or faulty firmware can provide a CPER record with an abnormally large section_length value, causing the kernel to dump a very large amount of data beyond the intended firmware memory area. This can lead to improper handling of hardware error records.
The fix adds logic so that the kernel does not process section_length values that exceed the buffer size, especially when ERR_INFO_NUM is too large. Instead, it reports an error indicating that the section length is too big and that the firmware-generated error record is incorrect.
How can this vulnerability impact me?
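The two-sided length check described above, as an added example (not the kernel's patch and not code from this page). The header layout, the 32-byte entry size and the names check_arm_section and demo are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified header, assumed layout; not the kernel's struct definition. */
struct arm_sec_hdr {
    uint32_t validation_bits;
    uint16_t err_info_num;      /* firmware-supplied entry count */
    uint16_t context_info_num;
    uint32_t section_length;    /* firmware-supplied, untrusted */
};
#define ERR_INFO_SIZE 32u       /* assumed size of one error-info entry */

enum sec_check { SEC_OK, SEC_TRUNCATED, SEC_TOO_SMALL, SEC_TOO_BIG };

/* buf_len is the number of bytes actually mapped for this section. */
enum sec_check check_arm_section(const uint8_t *buf, size_t buf_len)
{
    struct arm_sec_hdr h;
    if (buf_len < sizeof(h))
        return SEC_TRUNCATED;
    memcpy(&h, buf, sizeof(h)); /* copy out: buf may be unaligned */

    /* Lower bound: header plus every advertised entry. 64-bit math so a
     * huge err_info_num cannot wrap the product. */
    uint64_t min_len = sizeof(h) + (uint64_t)h.err_info_num * ERR_INFO_SIZE;
    if (h.section_length < min_len)
        return SEC_TOO_SMALL;
    /* Upper bound: the check the text above describes as missing. */
    if (h.section_length > buf_len)
        return SEC_TOO_BIG;
    return SEC_OK;
}

/* Build a constructed header and validate it against `mapped` bytes. */
enum sec_check demo(uint16_t n, uint32_t len, size_t mapped)
{
    uint8_t buf[64] = {0};
    struct arm_sec_hdr h = { .err_info_num = n, .section_length = len };
    memcpy(buf, &h, sizeof(h));
    return check_arm_section(buf, mapped);
}

int main(void)
{
    printf("%d %d\n", demo(1, 44, 64), demo(1, 0x10000, 64));
    return 0;
}
```

A caller would stop and log the error for any result other than SEC_OK, rather than dumping section_length bytes.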
This vulnerability can cause the Linux kernel to process and dump excessive amounts of data due to an unchecked large section_length in ARM processor CPER records.
Such behavior may lead to system instability, potential denial of service, or exposure of unintended memory contents, which could be exploited by attackers to disrupt system operations or gain unauthorized information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to the Linux kernel handling of ARM processor CPER records, where an excessively large section_length can cause a very long dump beyond the firmware memory-mapped area.
Detection would involve monitoring hardware error logs for suspicious or malformed CPER records, especially those indicating unusually large section lengths or errors related to ARM processor error sections.
Typical commands to check hardware error logs on Linux systems include:
- dmesg | grep -i 'Hardware Error'
- journalctl -k | grep -i 'Hardware Error'
- sudo cat /sys/firmware/efi/efivars/* | grep -i 'CPER'
Look for messages similar to the example given in the description, such as 'section length is too big' or 'firmware-generated error record is incorrect'.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by adding logic in the Linux kernel to prevent processing CPER records with section lengths that exceed the buffer size.
Immediate mitigation steps include:
- Update your Linux kernel to a version that includes the fix for this vulnerability.
- Monitor hardware error logs for suspicious CPER records to detect potential exploitation attempts.
- If updating the kernel is not immediately possible, consider restricting or monitoring firmware error reporting interfaces to prevent processing of malformed CPER records.