VYPR
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 13, 2026

CVE-2026-43171

CVE-2026-43171

Description

In the Linux kernel, the following vulnerability has been resolved:

EFI/CPER: don't dump the entire memory region

The current logic at cper_print_fw_err() doesn't check if the error record length is big enough to handle offset. On a bad firmware, if the ofset is above the actual record, length -= offset will underflow, making it dump the entire memory.

The end result can be:

  • the logic taking a lot of time dumping large regions of memory;
  • data disclosure due to the memory dumps;
  • an OOPS, if it tries to dump an unmapped memory region.

Fix it by checking if the section length is too small before doing a hex dump.

[ rjw: Subject tweaks ]

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Linux/Kernel4 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >5.7,<5.10.252
    • cpe:2.3:o:linux:linux_kernel:5.7:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:5.7:rc7:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.