{"id":"CVE-2026-43266","summary":"EFI/CPER: don't go past the ARM processor CPER record buffer","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nEFI/CPER: don't go past the ARM processor CPER record buffer\n\nThere's a logic inside GHES/CPER to detect if the section_length\nis too small, but it doesn't detect if it is too big.\n\nCurrently, if the firmware receives an ARM processor CPER record\nstating that a section length is big, kernel will blindly trust\nsection_length, producing a very long dump. For instance, a 67\nbytes record with ERR_INFO_NUM set 46198 and section length\nset to 854918320 would dump a lot of data going a way past the\nfirmware memory-mapped area.\n\nFix it by adding a logic to prevent it to go past the buffer\nif ERR_INFO_NUM is too big, making it report instead:\n\n\t[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 1\n\t[Hardware Error]: event severity: recoverable\n\t[Hardware Error]:  Error 0, type: recoverable\n\t[Hardware Error]:   section_type: ARM processor error\n\t[Hardware Error]:   MIDR: 0xff304b2f8476870a\n\t[Hardware Error]:   section length: 854918320, CPER size: 67\n\t[Hardware Error]:   section length is too big\n\t[Hardware Error]:   firmware-generated error record is incorrect\n\t[Hardware Error]:   ERR_INFO_NUM is 46198\n\n[ rjw: Subject and changelog tweaks ]","modified":"2026-06-18T03:54:34.550637709Z","published":"2026-05-06T11:28:52.238Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43266.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/25b290624b0e3d2f0f90238709ee0b6009b9fde8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/45766863baf899059e75595dd3cb1116467f2095"},{"type":"WEB","url":"https://git.kernel.org/stable/c/64eb63f573f497553e1a0c388bbcdd639e0f0704"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a68d22902a6916e10ee235fee609239004e129d0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/be10c1bdf64a39832998f54900aa309b3917abcf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c80113dcfc807308f5ab33847fae77e07531aeb8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ca2aad8771aa9091bc9e42e7d546bd40b72ddcd4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eae21beecb95a3b69ee5c38a659f774e171d730e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43266.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43266"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2f74f09bce4f8d0236f20174a6daae63e10fe733"},{"fixed":"c80113dcfc807308f5ab33847fae77e07531aeb8"},{"fixed":"ca2aad8771aa9091bc9e42e7d546bd40b72ddcd4"},{"fixed":"a68d22902a6916e10ee235fee609239004e129d0"},{"fixed":"64eb63f573f497553e1a0c388bbcdd639e0f0704"},{"fixed":"be10c1bdf64a39832998f54900aa309b3917abcf"},{"fixed":"25b290624b0e3d2f0f90238709ee0b6009b9fde8"},{"fixed":"45766863baf899059e75595dd3cb1116467f2095"},{"fixed":"eae21beecb95a3b69ee5c38a659f774e171d730e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43266.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.13.0"},{"fixed":"5.10.252"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.202"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.165"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.128"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43266.json"}}],"schema_version":"1.7.5"}