Linux Kernel Vulnerability Impacting ARM Processor Firmware Processing
CVE-2026-43266

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 6 May 2026

What is CVE-2026-43266?

A vulnerability has been identified in the Linux kernel's processing of firmware error records for ARM processors. The kernel trusted overly large section lengths in CPER records without validating them. This could lead to data dumps that run beyond the memory-mapped region, potentially causing significant operational issues. The resolution adds logic to flag excessively large section lengths, improving the kernel's robustness against misleading firmware-generated error records.
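The class of check described above, as an added example (not the kernel's patch): a firmware-supplied section length is validated against the size of the mapped record before anything is dumped. The `sec_desc` structure, the function names and the 32-byte record are hypothetical and constructed for illustration; clamping the dump to the mapped bytes is an assumption about handling, not the upstream behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified descriptor: not the kernel's CPER layout. */
struct sec_desc {
    uint32_t offset;   /* section start, relative to the record start */
    uint32_t length;   /* section length as claimed by firmware */
};

enum sec_status { SEC_OK, SEC_TRUNCATED, SEC_INVALID };

/* Compute how many bytes may be read from a mapping of mapped_len bytes. */
static enum sec_status clamp_section(const struct sec_desc *d,
                                     size_t mapped_len, size_t *dump_len)
{
    *dump_len = 0;
    if (d->offset >= mapped_len)
        return SEC_INVALID;                 /* starts outside the mapping */
    size_t avail = mapped_len - d->offset;  /* cannot underflow after the check */
    if (d->length > avail) {                /* no offset+length sum, so no wrap */
        *dump_len = avail;
        return SEC_TRUNCATED;
    }
    *dump_len = d->length;
    return SEC_OK;
}

/* Constructed 32-byte "mapped record", every byte 0x01. Returns the sum of
 * the bytes dumped (equal to their count), or -1 if the section is rejected. */
long dump_demo(uint32_t offset, uint32_t length)
{
    uint8_t rec[32];
    struct sec_desc d = { offset, length };
    size_t n;
    long sum = 0;

    memset(rec, 0x01, sizeof(rec));
    switch (clamp_section(&d, sizeof(rec), &n)) {
    case SEC_INVALID:
        fprintf(stderr, "section offset %u outside mapped record\n", (unsigned)offset);
        return -1;
    case SEC_TRUNCATED:
        fprintf(stderr, "section length %u too large, dumping %zu bytes\n",
                (unsigned)length, n);
        break;
    case SEC_OK:
        break;
    }
    for (size_t i = 0; i < n; i++)
        sum += rec[d.offset + i];           /* only validated bytes are read */
    return sum;
}
```

Comparing the claimed length with the remaining bytes, rather than adding offset and length, keeps the check correct even when firmware reports a length near the 32-bit maximum.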

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2


Timeline

  • Vulnerability published

  • Vulnerability Reserved
