CVE-2026-43201
CVSS v3.1 severity:
MEDIUM
Type:
Not available / Other type
Publication date:
06/05/2026
Last modified:
11/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

APEI/GHES: ARM processor Error: don't go past allocated memory

If the BIOS generates a very small ARM Processor Error, or
an incomplete one, the current logic will fail to dereference

    err->section_length
and
    ctx_info->size

Add checks to avoid that. With such changes, such GHESv2
records won't cause OOPSes like this:

    [ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP
    [ 1.495449] Modules linked in:
    [ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT
    [ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022
    [ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred
    [ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
    [ 1.497199] pc : log_arm_hw_error+0x5c/0x200
    [ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220

    0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75).
    70		err_info = (struct cper_arm_err_info *)(err + 1);
    71		ctx_info = (struct cper_arm_ctx_info *)(err_info + err->err_info_num);
    72		ctx_err = (u8 *)ctx_info;
    73
    74		for (n = 0; n < err->context_info_num; n++) {
    75			sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size;
    76			ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz);
    77			ctx_len += sz;
    78		}
    79

and similar ones while trying to access section_length on an
error dump with too small size.

[ rjw: Subject tweaks ]
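A bounded version of the record walk shown in the listing, as an added user-space C example; it is not the kernel patch and not code from this page. The struct layouts, `ERR_INFO_SZ`, `ctx_len_checked` and `demo` are simplified assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for the CPER ARM section layouts (assumed, not the kernel headers). */
struct arm_hdr { uint32_t validation_bits; uint16_t err_info_num;
                 uint16_t context_info_num; uint32_t section_length; };
struct arm_ctx { uint16_t version; uint16_t type; uint32_t size; };
#define ERR_INFO_SZ 32u /* assumed fixed size of one error-info entry */

/* Total context length of a firmware-supplied record, or -1 if any field or
 * record would lie outside buf_len or outside the record's section_length. */
long ctx_len_checked(const uint8_t *buf, size_t buf_len)
{
    struct arm_hdr hdr;
    struct arm_ctx ctx;
    size_t off, limit, total = 0;
    if (buf_len < sizeof(hdr))            /* too small to hold section_length */
        return -1;
    memcpy(&hdr, buf, sizeof(hdr));
    if (hdr.section_length < sizeof(hdr) || hdr.section_length > buf_len)
        return -1;
    limit = hdr.section_length;
    off = sizeof(hdr) + (size_t)hdr.err_info_num * ERR_INFO_SZ;
    if (off > limit)
        return -1;
    for (unsigned n = 0; n < hdr.context_info_num; n++) {
        if (limit - off < sizeof(ctx))    /* header of record n is cut off */
            return -1;
        memcpy(&ctx, buf + off, sizeof(ctx));
        off += sizeof(ctx);
        if (ctx.size > limit - off)       /* payload claims more than remains */
            return -1;
        off += ctx.size;
        total += sizeof(ctx) + ctx.size;
    }
    return (long)total;
}

/* Constructed sample: one error-info entry and one context record at offset 44. */
long demo(uint32_t section_length, uint32_t ctx_size, size_t buf_len)
{
    static uint8_t buf[128];              /* zero-filled; only the two headers are written */
    struct arm_hdr hdr = { 0, 1, 1, section_length };
    struct arm_ctx ctx = { 0, 0, ctx_size };
    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + sizeof(hdr) + ERR_INFO_SZ, &ctx, sizeof(ctx));
    return buf_len > sizeof(buf) ? -1 : ctx_len_checked(buf, buf_len);
}
```

`demo(68, 16, 68)` is a well-formed record; shrinking `buf_len` or `section_length`, or inflating `ctx_size`, makes the walk stop with -1 instead of reading past the buffer.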
Impact
Base score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12.63 (including) | 6.12.75 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.18.2 (including) | 6.18.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.6 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



