CVE-2026-43171
Description
In the Linux kernel, the following vulnerability has been resolved:
EFI/CPER: don't dump the entire memory region
The current logic at cper_print_fw_err() doesn't check if the error record length is big enough to handle the offset. On bad firmware, if the offset is above the actual record, length -= offset will underflow, making it dump the entire memory.
The end result can be:
- the logic taking a lot of time dumping large regions of memory;
- data disclosure due to the memory dumps;
- an OOPS, if it tries to dump an unmapped memory region.
Fix it by checking if the section length is too small before doing a hex dump.
[ rjw: Subject tweaks ]
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing length check in the Linux kernel's EFI/CPER firmware error record handler lets an unsigned length value wrap around, so a malformed record can make the kernel hex-dump a huge memory range: a slow dump that ties up the CPU, disclosure of kernel memory contents, or a kernel OOPS when the dump reaches an unmapped region.
Vulnerability
The cper_print_fw_err() function in the Linux kernel's EFI/CPER (Common Platform Error Record) handling does not verify that the error record's length is at least as large as the offset of the raw data it is about to print. When a malformed firmware record reports a length smaller than that offset, the unsigned subtraction length -= offset wraps around to a very large value instead of failing, and the hex dump that follows is asked to print that many bytes starting just past the record header, far beyond the end of the record itself.
Exploitation
The record is produced by platform firmware, so triggering the bug requires the ability to shape the CPER section the kernel parses, for example through compromised firmware or physical access to the platform; no further privilege is needed once that position is held. The wrapped length gives no control over where the dump starts: it begins right after the record header and runs forward through whatever kernel memory follows the record, which is what turns a malformed length field into an out-of-bounds read.
Impact
The consequences are: excessive time spent dumping a very large memory region, which amounts to a denial of service; disclosure of sensitive kernel memory contents through the dump; and a kernel OOPS if the dump reaches an unmapped memory region. The CVSS v3 score of 5.5 (Medium) reflects this combination of information disclosure and availability impact.
Mitigation
The fix checks that the section length is large enough before performing the hex dump, so the subtraction can no longer wrap around. Patches have been applied to the stable kernel trees [1][2][3][4]; users should update to a stable kernel release that carries the fix.
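To make the arithmetic in the Vulnerability and Mitigation sections concrete, here is an added, standalone C model of the length computation. It is an illustration written for this page, not the kernel's cper_print_fw_err() and not the committed fix: the struct layout (32 bytes), the function names dump_len_vulnerable and dump_len_checked, the -EINVAL return convention and the 48-byte sample section are all assumptions made for the example. The sample "firmware" record is well formed; what it lies about is the length it reports.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Stand-in for the kernel's fixed-size firmware error record header
 * (struct cper_sec_fw_err_rec_ref). This layout is an assumption made for
 * the example; only its size (32 bytes here) feeds the arithmetic below.
 */
struct fw_err_rec_ref {
	uint8_t  record_type;
	uint8_t  revision;
	uint8_t  reserved[6];
	uint64_t record_identifier;          /* used by revision 0 */
	uint8_t  record_identifier_guid[16]; /* used by revision >= 2 */
};

#define FW_ERR_HDR_LEN ((uint32_t)sizeof(struct fw_err_rec_ref))

/*
 * Constructed sample section: a revision 2 header followed by 16 bytes of
 * raw data, 48 bytes in all. The malformed case reuses these same bytes but
 * reports a bogus, too-small error_data_length for them.
 */
static const uint8_t sample_section[48] = {
	0x00, 0x02,                         /* record_type = 0, revision = 2 */
	0, 0, 0, 0, 0, 0,                   /* reserved */
	0, 0, 0, 0, 0, 0, 0, 0,             /* record_identifier */
	0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0, /* record_identifier_guid */
	0, 0, 0, 0, 0, 0, 0, 0,
	0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, /* raw data */
	0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
};

/*
 * Vulnerable shape: a u32 length, the header offset subtracted from it, and
 * no range check. Returns the byte count the hex dump would be asked to
 * print starting at section + offset.
 */
uint32_t dump_len_vulnerable(const uint8_t *section, uint32_t error_data_length)
{
	uint8_t revision = section[offsetof(struct fw_err_rec_ref, revision)];
	uint32_t offset, length = error_data_length;

	if (revision < 2)        /* only revision >= 2 carries raw data */
		return 0;
	offset = FW_ERR_HDR_LEN;
	length -= offset;        /* wraps to ~4 GiB when error_data_length < offset */
	return length;
}

/*
 * Hardened shape: refuse a section that cannot even hold the header before
 * any subtraction happens, so the length can never wrap. Returns the dump
 * length, or -EINVAL for a malformed section (a kernel-style negative errno
 * chosen for this example).
 */
int64_t dump_len_checked(const uint8_t *section, uint32_t error_data_length)
{
	uint32_t offset = FW_ERR_HDR_LEN;
	uint8_t revision;

	if (error_data_length < offset)
		return -EINVAL;  /* too short: dump nothing, report the bad record */
	revision = section[offsetof(struct fw_err_rec_ref, revision)];
	if (revision < 2)
		return 0;
	return (int64_t)(error_data_length - offset);
}

int main(void)
{
	/* Well-formed record: firmware reports the true length, 48 bytes. */
	printf("good record: vulnerable=%u checked=%lld\n",
	       dump_len_vulnerable(sample_section, 48),
	       (long long)dump_len_checked(sample_section, 48));

	/* Malformed record: firmware claims 8 bytes for a 32-byte header. */
	printf("bad record:  vulnerable=%u checked=%lld\n",
	       dump_len_vulnerable(sample_section, 8),
	       (long long)dump_len_checked(sample_section, 8));
	return 0;
}
```

For the well-formed record both paths agree on 16 bytes of raw data. For the malformed one the vulnerable path yields 4294967272 (8 minus 32, wrapped in 32 bits), which is the "dump the entire memory" outcome from the description, while the checked path rejects the record before subtracting. The check is placed before the header is read at all, which is slightly stricter than the minimum needed to protect the subtraction; the description only requires it before the hex dump.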
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 4
Patches: 0 (no patches discovered yet)
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (8)
- https://git.kernel.org/stable/c/02de64ab54b4bb0f1b21bb324aeff3b08612be33 (nvd, Patch)
- https://git.kernel.org/stable/c/0e09b522f2622841389c3b2f9ac4969e35c0809d (nvd, Patch)
- https://git.kernel.org/stable/c/54e131db4cdffd946db890ff33ff2647053fd4f6 (nvd, Patch)
- https://git.kernel.org/stable/c/55cc6fe5716f678f06bcb95140882dfa684464ec (nvd, Patch)
- https://git.kernel.org/stable/c/5a9b1dda8481b82851a655c3bcc5b44879b95334 (nvd, Patch)
- https://git.kernel.org/stable/c/64ae5aaa7ac93c83da456039e8ec747bfa8a7cff (nvd, Patch)
- https://git.kernel.org/stable/c/7780c0bad2a3a70a8c0113a33c02f4151d901eb3 (nvd, Patch)
- https://git.kernel.org/stable/c/a8419f5f2c5f2d80848ddabb2b95cf0da84a5f91 (nvd, Patch)
News mentions: 0 (no linked articles in our index yet)