Out-of-bounds read in Linux kernel - CVE-2026-43277
Published: May 7, 2026
Vulnerability identifier: #VU130420
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-43277
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows an attacker with physical access to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in ghes_new() and CPER error record handling when processing firmware-supplied CPER data. An attacker with physical access can provide a malformed CPER record with a length larger than the allocated buffer to cause a denial of service.
The issue can be triggered by bad firmware supplying inconsistent CPER record size information.
How to mitigate CVE-2026-43277
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/616c120dcdf1ce96edcd818e38bce49667f80689
- https://git.kernel.org/stable/c/6f5d41984ad896736c23e2fff7c80e15c1319132
- https://git.kernel.org/stable/c/92ba79074c58e65a6e32713758c5a9aecd33c2ea
- https://git.kernel.org/stable/c/98bd9b28d4d11e6739ad86524b4be4ada9025e60
- https://git.kernel.org/stable/c/b6be51a12441136fdf8c49b2525689fbea1856e1
- https://git.kernel.org/stable/c/e0ec99115e135dbb58e11a0df007c7d4771d4a17
- https://git.kernel.org/stable/c/f3740a1562445f36f08afab8af59e37117b3acdc
- https://git.kernel.org/stable/c/fa2408a24f8f0db14d9cfc613ef162dc267d7ad4