CVE-2026-43266

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> EFI/CPER: don&amp;#39;t go past the ARM processor CPER record buffer<br /> <br /> There&amp;#39;s a logic inside GHES/CPER to detect if the section_length<br /> is too small, but it doesn&amp;#39;t detect if it is too big.<br /> <br /> Currently, if the firmware receives an ARM processor CPER record<br /> stating that a section length is big, kernel will blindly trust<br /> section_length, producing a very long dump. For instance, a 67<br /> bytes record with ERR_INFO_NUM set 46198 and section length<br /> set to 854918320 would dump a lot of data going a way past the<br /> firmware memory-mapped area.<br /> <br /> Fix it by adding a logic to prevent it to go past the buffer<br /> if ERR_INFO_NUM is too big, making it report instead:<br /> <br /> [Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 1<br /> [Hardware Error]: event severity: recoverable<br /> [Hardware Error]: Error 0, type: recoverable<br /> [Hardware Error]: section_type: ARM processor error<br /> [Hardware Error]: MIDR: 0xff304b2f8476870a<br /> [Hardware Error]: section length: 854918320, CPER size: 67<br /> [Hardware Error]: section length is too big<br /> [Hardware Error]: firmware-generated error record is incorrect<br /> [Hardware Error]: ERR_INFO_NUM is 46198<br /> <br /> [ rjw: Subject and changelog tweaks ]