Description
In the Linux kernel, the following vulnerability has been resolved:

APEI/GHES: ARM processor Error: don't go past allocated memory

If the BIOS generates a very small ARM Processor Error, or
an incomplete one, the current logic will fail to dereference

err->section_length
and
ctx_info->size

Add checks to avoid that. With such changes, such GHESv2
records won't cause OOPSes like this:

[ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP
[ 1.495449] Modules linked in:
[ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT
[ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022
[ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred
[ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1.497199] pc : log_arm_hw_error+0x5c/0x200
[ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220

0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75).
70 err_info = (struct cper_arm_err_info *)(err + 1);
71 ctx_info = (struct cper_arm_ctx_info *)(err_info + err->err_info_num);
72 ctx_err = (u8 *)ctx_info;
73
74 for (n = 0; n < err->context_info_num; n++) {
75 sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size;
76 ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz);
77 ctx_len += sz;
78 }
79

and similar ones while trying to access section_length on an
error dump with too small size.

[ rjw: Subject tweaks ]
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel ACPI GHES handler permits a malformed or truncated ARM Processor Error record, emitted by the BIOS, to cause the kernel to dereference memory past the bounds of the supplied data structure. This results in a kernel OOPS that brings the system down or forces a reboot, providing an attacker with a means to deny service. The bug is a direct memory access error that can lead to a crash rather than code execution. The likely attack vector requires control of the firmware or ability to inject a forged GHES event, so it is considered a low‑to‑medium effort local or firmware‑based attack.
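The bounds checks this class of bug calls for, as an added example (not the kernel patch and not code from the advisory): a user-space C model of the context-record walk shown in the listing above. The struct layouts and the names `arm_ctx_len_checked` and `sample_result` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for the CPER structures (layouts are assumptions). */
struct arm_err { uint16_t err_info_num, context_info_num; uint32_t section_length; };
struct arm_err_info { uint8_t raw[32]; };
struct arm_ctx_info { uint16_t version, type; uint32_t size; };

/* Sum the context records, checking every read against len, the number of
 * bytes actually supplied. Returns -1 for a truncated or inconsistent record. */
long arm_ctx_len_checked(const uint8_t *buf, size_t len)
{
    struct arm_err err;
    struct arm_ctx_info ctx;
    size_t off;
    long ctx_len = 0;
    if (len < sizeof(err))              /* cannot even read section_length */
        return -1;
    memcpy(&err, buf, sizeof(err));
    if (err.section_length < sizeof(err) || err.section_length > len)
        return -1;
    len = err.section_length;
    off = sizeof(err) + (size_t)err.err_info_num * sizeof(struct arm_err_info);
    if (off > len)
        return -1;
    for (unsigned int n = 0; n < err.context_info_num; n++) {
        if (len - off < sizeof(ctx))    /* header must fit before size is read */
            return -1;
        memcpy(&ctx, buf + off, sizeof(ctx));
        if (ctx.size > len - off - sizeof(ctx))  /* payload must fit as well */
            return -1;
        off += sizeof(ctx) + ctx.size;
        ctx_len += (long)(sizeof(ctx) + ctx.size);
    }
    return ctx_len;
}

/* Constructed 64-byte sample: header, one err_info, one context record that
 * claims ctx_size payload bytes; only avail bytes are handed to the parser. */
long sample_result(uint32_t ctx_size, size_t avail)
{
    uint8_t buf[64] = { 0 };
    struct arm_err err = { 1, 1, (uint32_t)sizeof(buf) };
    struct arm_ctx_info ctx = { 0, 0, ctx_size };
    memcpy(buf, &err, sizeof(err));
    memcpy(buf + sizeof(err) + sizeof(struct arm_err_info), &ctx, sizeof(ctx));
    return arm_ctx_len_checked(buf, avail);
}
```

The subtraction form `ctx.size > len - off - sizeof(ctx)` avoids the integer overflow that `off + sizeof(ctx) + ctx.size > len` could hit on a 32-bit `size_t`.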

Affected Systems

The issue resides in the Linux kernel source tree; the resolving patch was introduced in a specific commit to the mainline repository. All Linux kernel distributions that contain the unpatched code are vulnerable, including mainstream, embedded, and custom builds. No specific kernel version range is given, so every build before the patch should be considered affected.

Risk and Exploitability

No CVSS score is provided in the advisory, EPSS data is missing, and the vulnerability is not listed in CISA’s KEV catalog. The weakness causes a hard kernel crash, which is a high‑impact availability risk. Exploitation would require a crafted GHESv2 record from firmware or a malicious BIOS, which, while not trivial, can be achieved by firmware compromise or insider threat. Consequently, the likelihood of exploitation is low to moderate, but the impact of a successful exploit is severe.

Generated by OpenCVE AI on May 6, 2026 at 14:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the patch for the GHESv2 bounds check (see the commit referenced in the advisory).
  • If a kernel upgrade cannot be performed immediately, disable the ACPI GHES handler by setting the kernel parameter acpi_ghes=0 or using a corresponding sysfs control to prevent the kernel from processing error records.
  • Verify and update the system firmware (BIOS/UEFI) to a version that emits valid GHESv2 records; apply any vendor firmware patch that addresses ARM Processor error reporting.


Advisories

No advisories yet.

History

Wed, 06 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title APEI/GHES: ARM processor Error: don't go past allocated memory
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:28:07.565Z

Reserved: 2026-05-01T14:12:55.992Z

Link: CVE-2026-43201

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-06T12:16:39.223

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43201

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T17:00:05Z

Weaknesses