CVE-2026-43347
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/05/2026
Last modified:
15/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

arm64: dts: qcom: monaco: Reserve full Gunyah metadata region

We observe spurious "Synchronous External Abort" exceptions
(ESR=0x96000010) and kernel crashes on Monaco-based platforms.
These faults are caused by the kernel inadvertently accessing
hypervisor-owned memory that is not properly marked as reserved.

From boot log, the Qualcomm hypervisor reports the memory range
at 0x91a80000 of size 0x80000 (512 KiB) as hypervisor-owned:

    qhee_hyp_assign_remove_memory: 0x91a80000/0x80000 -> ret 0

However, the EFI memory map provided by firmware only reserves the
subrange 0x91a40000–0x91a87fff (288 KiB). The remaining portion
(0x91a88000–0x91afffff) is incorrectly reported as conventional
memory (from efi debug):

    efi: 0x000091a40000-0x000091a87fff [Reserved...]
    efi: 0x000091a88000-0x0000938fffff [Conventional...]

As a result, the allocator may hand out PFNs inside the hypervisor
owned region, causing fatal aborts when the kernel accesses those
addresses.

Add a reserved-memory carveout for the Gunyah hypervisor metadata
at 0x91a80000 (512 KiB) and mark it as no-map so Linux does not
map or allocate from this area.

For the record:
Hyp version: gunyah-e78adb36e debug (2025-11-17 05:38:05 UTC)
UEFI Ver: 6.0.260122.BOOT.MXF.1.0.c1-00449-KODIAKLA-1
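
The range mismatch described above can be checked mechanically from a boot log. The following is an added example, not part of the kernel commit or the advisory: it parses the three log lines quoted in the description and reports which part of the hypervisor-owned range the EFI map leaves allocatable. The function names and the choice to treat only the "Conventional" type as allocatable are assumptions of this example.

```python
import re

# Log lines as quoted in the description (the "..." truncation is from the page).
BOOT_LOG = """\
qhee_hyp_assign_remove_memory: 0x91a80000/0x80000 -> ret 0
efi: 0x000091a40000-0x000091a87fff [Reserved...]
efi: 0x000091a88000-0x0000938fffff [Conventional...]
"""

HYP_RE = re.compile(
    r"qhee_hyp_assign_remove_memory:\s+0x([0-9a-fA-F]+)/0x([0-9a-fA-F]+)")
EFI_RE = re.compile(
    r"efi:\s+0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)\s+\[([A-Za-z ]+)")


def parse(log):
    """Return (hypervisor ranges, EFI entries) with inclusive end addresses."""
    hyp, efi = [], []
    for line in log.splitlines():
        m = HYP_RE.search(line)
        if m:
            base, size = int(m[1], 16), int(m[2], 16)
            hyp.append((base, base + size - 1))
            continue
        m = EFI_RE.search(line)
        if m:
            efi.append((int(m[1], 16), int(m[2], 16), m[3].strip()))
    return hyp, efi


def exposed_ranges(log, allocatable=("Conventional",)):
    """Parts of hypervisor-owned memory that the EFI map marks allocatable."""
    hyp, efi = parse(log)
    hits = []
    for h_start, h_end in hyp:
        for e_start, e_end, kind in efi:
            if kind not in allocatable:
                continue
            lo, hi = max(h_start, e_start), min(h_end, e_end)
            if lo <= hi:  # non-empty intersection
                hits.append((lo, hi))
    return sorted(hits)


if __name__ == "__main__":
    for lo, hi in exposed_ranges(BOOT_LOG):
        print(f"exposed: {lo:#x}-{hi:#x} ({(hi - lo + 1) // 1024} KiB)")
```

An empty result on a patched system's log would only show that the EFI map and the hypervisor agree; the fix itself works through the device tree carveout, so the reserved-memory node should be checked as well.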
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.18.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* | | |



