Description
In the Linux kernel, the following vulnerability has been resolved:

EFI/CPER: don't dump the entire memory region

The current logic at cper_print_fw_err() doesn't check if the
error record length is big enough to handle offset. On a bad firmware,
if the offset is above the actual record, length -= offset will
underflow, making it dump the entire memory.

The end result can be:

- the logic taking a lot of time dumping large regions of memory;
- data disclosure due to the memory dumps;
- an OOPS, if it tries to dump an unmapped memory region.

Fix it by checking if the section length is too small before doing
a hex dump.

[ rjw: Subject tweaks ]
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel routine cper_print_fw_err() performs a hex dump of firmware error records without verifying that the requested offset fits within the error record’s length. When a malicious firmware record supplies an offset larger than the record size, subtracting the offset causes an unsigned underflow: the length wraps around to a very large value instead of going negative, which expands the dump to the entire surrounding memory. The kernel then spends excessive time printing large regions, discloses kernel memory contents that may be captured by user processes or logs, and can crash with an OOPS if the calculated dump area extends into unmapped memory.
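The length arithmetic described above, as an added user-space model (not the kernel's code): it shows the unchecked subtraction wrapping and the same computation with the size check in front of a bounded hex dump. `HDR_SIZE`, the sample buffer and all function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 32u  /* assumed size of the fixed record header (illustrative) */

/* Constructed sample: 32 header bytes followed by 8 bytes of trailing data. */
static const uint8_t sample[40] = { [32] = 0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4 };
static char text[256];

/* Pre-fix arithmetic: both operands unsigned, no size check. */
static uint32_t trailing_len_unchecked(uint32_t section_len, uint32_t offset)
{
    return section_len - offset;  /* wraps modulo 2^32 if offset > section_len */
}

/* Hardened: reject a section too small to hold the header before subtracting. */
static int trailing_len_checked(uint32_t section_len, uint32_t offset, uint32_t *out)
{
    if (section_len < offset)
        return -1;
    *out = section_len - offset;
    return 0;
}

/* Hex-dump the trailing data into buf; returns bytes dumped or -1 if rejected. */
static long dump_trailing(const uint8_t *sec, uint32_t section_len,
                          char *buf, size_t buf_sz)
{
    uint32_t len, i;
    size_t used = 0;

    if (buf_sz > 0)
        buf[0] = '\0';
    if (trailing_len_checked(section_len, HDR_SIZE, &len) != 0)
        return -1;
    for (i = 0; i < len && used + 4 <= buf_sz; i++)
        used += (size_t)snprintf(buf + used, buf_sz - used, "%02x ", sec[HDR_SIZE + i]);
    return (long)i;
}

int main(void)
{
    /* Firmware claims an 8-byte section, smaller than the 32-byte header. */
    printf("unchecked length: %u bytes\n", (unsigned)trailing_len_unchecked(8, HDR_SIZE));
    printf("checked dump:     %ld\n", dump_trailing(sample, 8, text, sizeof text));
    printf("valid dump:       %ld [%s]\n", dump_trailing(sample, 40, text, sizeof text), text);
    return 0;
}
```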

Affected Systems

All Linux kernel releases that support CPER or EFI firmware error handling are potentially affected, including the explicit kernel versions listed in the CPEs: 5.7 and 5.7‑rc7. The flaw is present in the current stable source tree until the upstream patch is applied, so any deployment that has not yet updated to a patched kernel is vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 5.5, indicating moderate severity with potential for information disclosure and service interruption. The EPSS score of <1 % reflects a low probability of exploitation, and it is not listed in the CISA KEV catalog. Exploitation would require supplying a crafted firmware image or compromising the firmware supply chain; the attacker would trigger the underflow by inserting an oversized offset, leading to extensive memory dumps or a system crash. While the risk is moderate, the likelihood of real‑world exploitation remains low under normal circumstances.

Generated by OpenCVE AI on May 13, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the cper_print_fw_err() length‑validation patch
  • If an update is not yet available, disable CPER/EFI firmware error logging or set the debug dump level to zero to prevent large memory dumps
  • Enable firmware authenticity checks such as UEFI Secure Boot or signed firmware verification to block malicious firmware from loading


Advisories
Source | ID | Title
Debian DLA | DLA-4606-1 | linux security update
History

Wed, 13 May 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:5.7:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.7:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-788

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-191
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 06 May 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-788

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't dump the entire memory region The current logic at cper_print_fw_err() doesn't check if the error record length is big enough to handle offset. On a bad firmware, if the offset is above the actual record, length -= offset will underflow, making it dump the entire memory. The end result can be: - the logic taking a lot of time dumping large regions of memory; - data disclosure due to the memory dumps; - an OOPS, if it tries to dump an unmapped memory region. Fix it by checking if the section length is too small before doing a hex dump. [ rjw: Subject tweaks ]
Title EFI/CPER: don't dump the entire memory region
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:19:09.627Z

Reserved: 2026-05-01T14:12:55.990Z

Link: CVE-2026-43171

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:35.447

Modified: 2026-05-13T14:55:22.277

Link: CVE-2026-43171

Red Hat

Severity: Moderate

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43171 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T17:30:06Z
