CVE-2026-43201 (GCVE-0-2026-43201)

Vulnerability from cvelistv5 – Published: 2026-05-06 11:28 – Updated: 2026-05-07 17:14
VLAI?
Title
APEI/GHES: ARM processor Error: don't go past allocated memory
Summary
In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err->section_length and ctx_info->size Add checks to avoid that. With such changes, such GHESv2 records won't cause OOPSes like this: [ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP [ 1.495449] Modules linked in: [ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT [ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022 [ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred [ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1.497199] pc : log_arm_hw_error+0x5c/0x200 [ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220 0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75). 70 err_info = (struct cper_arm_err_info *)(err + 1); 71 ctx_info = (struct cper_arm_ctx_info *)(err_info + err->err_info_num); 72 ctx_err = (u8 *)ctx_info; 73 74 for (n = 0; n < err->context_info_num; n++) { 75 sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size; 76 ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz); 77 ctx_len += sz; 78 } 79 and similar ones while trying to access section_length on an error dump with too small size. [ rjw: Subject tweaks ]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 2599ad5e33b629a78a14a463a51afa134e9c5b15 , < 242c652849d979d0133c315a42d9acea0ff88390 (git)
Affected: 22b5096abc9824fb84f0bfe084f5be9f7ea5f2d9 , < 136093ba4161e0080088abff48273f6830a47766 (git)
Affected: 05954511b73e748d0370549ad9dd9cd95297d97a , < db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd (git)
Affected: 05954511b73e748d0370549ad9dd9cd95297d97a , < 87880af2d24e62a84ed19943dbdd524f097172f2 (git)
Affected: 0aa7b12eaa87cd6ffa25d432d3c58986516f8b1c (git)
Create a notification for this product.
    Linux Linux Affected: 6.19
Unaffected: 0 , < 6.19 (semver)
Unaffected: 6.12.75 , ≤ 6.12.* (semver)
Unaffected: 6.18.16 , ≤ 6.18.* (semver)
Unaffected: 6.19.6 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/apei/ghes.c",
            "drivers/ras/ras.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "242c652849d979d0133c315a42d9acea0ff88390",
              "status": "affected",
              "version": "2599ad5e33b629a78a14a463a51afa134e9c5b15",
              "versionType": "git"
            },
            {
              "lessThan": "136093ba4161e0080088abff48273f6830a47766",
              "status": "affected",
              "version": "22b5096abc9824fb84f0bfe084f5be9f7ea5f2d9",
              "versionType": "git"
            },
            {
              "lessThan": "db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd",
              "status": "affected",
              "version": "05954511b73e748d0370549ad9dd9cd95297d97a",
              "versionType": "git"
            },
            {
              "lessThan": "87880af2d24e62a84ed19943dbdd524f097172f2",
              "status": "affected",
              "version": "05954511b73e748d0370549ad9dd9cd95297d97a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0aa7b12eaa87cd6ffa25d432d3c58986516f8b1c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/apei/ghes.c",
            "drivers/ras/ras.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.19"
            },
            {
              "lessThan": "6.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "6.12.63",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "6.18.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.17.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nAPEI/GHES: ARM processor Error: don\u0027t go past allocated memory\n\nIf the BIOS generates a very small ARM Processor Error, or\nan incomplete one, the current logic will fail to deferrence\n\n\terr-\u003esection_length\nand\n\tctx_info-\u003esize\n\nAdd checks to avoid that. With such changes, such GHESv2\nrecords won\u0027t cause OOPSes like this:\n\n[    1.492129] Internal error: Oops: 0000000096000005 [#1]  SMP\n[    1.495449] Modules linked in:\n[    1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT\n[    1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022\n[    1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred\n[    1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[    1.497199] pc : log_arm_hw_error+0x5c/0x200\n[    1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220\n\n0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75).\n70\t\terr_info = (struct cper_arm_err_info *)(err + 1);\n71\t\tctx_info = (struct cper_arm_ctx_info *)(err_info + err-\u003eerr_info_num);\n72\t\tctx_err = (u8 *)ctx_info;\n73\n74\t\tfor (n = 0; n \u003c err-\u003econtext_info_num; n++) {\n75\t\t\tsz = sizeof(struct cper_arm_ctx_info) + ctx_info-\u003esize;\n76\t\t\tctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz);\n77\t\t\tctx_len += sz;\n78\t\t}\n79\n\nand similar ones while trying to access section_length on an\nerror dump with too small size.\n\n[ rjw: Subject tweaks ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T17:14:40.303Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/242c652849d979d0133c315a42d9acea0ff88390"
        },
        {
          "url": "https://git.kernel.org/stable/c/136093ba4161e0080088abff48273f6830a47766"
        },
        {
          "url": "https://git.kernel.org/stable/c/db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/87880af2d24e62a84ed19943dbdd524f097172f2"
        }
      ],
      "title": "APEI/GHES: ARM processor Error: don\u0027t go past allocated memory",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43201",
    "datePublished": "2026-05-06T11:28:07.565Z",
    "dateReserved": "2026-05-01T14:12:55.992Z",
    "dateUpdated": "2026-05-07T17:14:40.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-43201",
      "date": "2026-05-07",
      "epss": "0.00018",
      "percentile": "0.04678"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-43201\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-06T12:16:39.223\",\"lastModified\":\"2026-05-06T13:07:51.607\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nAPEI/GHES: ARM processor Error: don\u0027t go past allocated memory\\n\\nIf the BIOS generates a very small ARM Processor Error, or\\nan incomplete one, the current logic will fail to deferrence\\n\\n\\terr-\u003esection_length\\nand\\n\\tctx_info-\u003esize\\n\\nAdd checks to avoid that. With such changes, such GHESv2\\nrecords won\u0027t cause OOPSes like this:\\n\\n[    1.492129] Internal error: Oops: 0000000096000005 [#1]  SMP\\n[    1.495449] Modules linked in:\\n[    1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT\\n[    1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022\\n[    1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred\\n[    1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\\n[    1.497199] pc : log_arm_hw_error+0x5c/0x200\\n[    1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220\\n\\n0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75).\\n70\\t\\terr_info = (struct cper_arm_err_info *)(err + 1);\\n71\\t\\tctx_info = (struct cper_arm_ctx_info *)(err_info + err-\u003eerr_info_num);\\n72\\t\\tctx_err = (u8 *)ctx_info;\\n73\\n74\\t\\tfor (n = 0; n \u003c err-\u003econtext_info_num; n++) {\\n75\\t\\t\\tsz = sizeof(struct cper_arm_ctx_info) + ctx_info-\u003esize;\\n76\\t\\t\\tctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz);\\n77\\t\\t\\tctx_len += sz;\\n78\\t\\t}\\n79\\n\\nand similar ones while trying to access section_length on an\\nerror dump with too small size.\\n\\n[ rjw: Subject tweaks ]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/136093ba4161e0080088abff48273f6830a47766\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/242c652849d979d0133c315a42d9acea0ff88390\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/87880af2d24e62a84ed19943dbdd524f097172f2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.