Memory Allocation Vulnerability in Linux Kernel Affects Multiple Configurations
CVE-2026-43277
Currently unrated
What is CVE-2026-43277?
A vulnerability in the Linux kernel's APEI/GHES handling can lead to memory allocation errors when firmware sends overly large data records. The function 'ghes_new()' currently allocates memory based on CPER BIOS records, but faulty firmware can send more data than the allocated size. This discrepancy could cause a kernel oops, resulting in system instability or crashes. Mitigating this issue involves adjusting the allocation logic so that memory boundaries are respected and expected limits are not exceeded.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 92ba79074c58e65a6e32713758c5a9aecd33c2ea
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 616c120dcdf1ce96edcd818e38bce49667f80689
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2