製品・ソフトウェアに関する情報

JVN脆弱性詳細

LinuxのLinux Kernelにおける不特定の脆弱性

Title	LinuxのLinux Kernelにおける不特定の脆弱性
Summary	Linuxカーネルにおいて、APEI/GHESのCPERで割り当てられたレコードのサイズを超えないようにする脆弱性が修正されました。不正なファームウェアがBIOSテーブルの実際のページ数より大きいCPERレコードを送信すると、割り当てられたメモリ領域を超えて読み書きが行われ、カーネルがクラッシュ（OOPS）する可能性がありました。この問題は、CPERの長さをチェックする際に実際に割り当てられた領域を考慮することで防止されます。
Possible impacts	当該ソフトウェアが扱う情報について、外部への漏えいは発生しません。また、当該ソフトウェアが扱う情報について、書き換えは発生しません。さらに、当該ソフトウェアが完全に停止する可能性があります。そして、この脆弱性を悪用した攻撃の影響は、他のソフトウェアには及びません。
Solution	リリース情報、またはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	May 6, 2026, midnight
Registration Date	May 11, 2026, 11:05 a.m.
Last Update	May 11, 2026, 11:05 a.m.

CVSS3.0 : 警告
Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected System

Linux

Linux Kernel 2.6.35 以上 5.10.252 未満

Linux Kernel 5.11 以上 5.15.202 未満

Linux Kernel 5.16 以上 6.1.165 未満

Linux Kernel 6.13 以上 6.18.16 未満

Linux Kernel 6.19 以上 6.19.6 未満

Linux Kernel 6.2 以上 6.6.128 未満

Linux Kernel 6.7 以上 6.12.75 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-43277	https://www.cve.org/CVERecord?id=CVE-2026-43277
National Vulnerability Database (NVD)
2	CVE-2026-43277	https://nvd.nist.gov/vuln/detail/CVE-2026-43277

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	Name	URL
関連文書
1	APEI/GHES: ensure that won't go past CPER allocated record - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/616c120dcdf1ce96edcd818e38bce49667f80689)	https://git.kernel.org/stable/c/616c120dcdf1ce96edcd818e38bce49667f80689
2	APEI/GHES: ensure that won't go past CPER allocated record - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/6f5d41984ad896736c23e2fff7c80e15c1319132)	https://git.kernel.org/stable/c/6f5d41984ad896736c23e2fff7c80e15c1319132
3	APEI/GHES: ensure that won't go past CPER allocated record - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/92ba79074c58e65a6e32713758c5a9aecd33c2ea)	https://git.kernel.org/stable/c/92ba79074c58e65a6e32713758c5a9aecd33c2ea
4	APEI/GHES: ensure that won't go past CPER allocated record - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/98bd9b28d4d11e6739ad86524b4be4ada9025e60)	https://git.kernel.org/stable/c/98bd9b28d4d11e6739ad86524b4be4ada9025e60
5	APEI/GHES: ensure that won't go past CPER allocated record - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/b6be51a12441136fdf8c49b2525689fbea1856e1)	https://git.kernel.org/stable/c/b6be51a12441136fdf8c49b2525689fbea1856e1
6	APEI/GHES: ensure that won't go past CPER allocated record - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/e0ec99115e135dbb58e11a0df007c7d4771d4a17)	https://git.kernel.org/stable/c/e0ec99115e135dbb58e11a0df007c7d4771d4a17
7	APEI/GHES: ensure that won't go past CPER allocated record - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/f3740a1562445f36f08afab8af59e37117b3acdc)	https://git.kernel.org/stable/c/f3740a1562445f36f08afab8af59e37117b3acdc
8	APEI/GHES: ensure that won't go past CPER allocated record - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/fa2408a24f8f0db14d9cfc613ef162dc267d7ad4)	https://git.kernel.org/stable/c/fa2408a24f8f0db14d9cfc613ef162dc267d7ad4

Change Log

No	Changed Details	Date of change
1	[2026年05月11日] 掲載	May 11, 2026, 11:05 a.m.

NVD Vulnerability Information

CVE-2026-43277

Summary	In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghes_new() prevents allocating too large records, by checking if they're bigger than GHES_ESTATUS_MAX_SIZE (currently, 64KB). Yet, the allocation is done with the actual number of pages from the CPER bios table location, which can be smaller. Yet, a bad firmware could send data with a different size, which might be bigger than the allocated memory, causing an OOPS: Unable to handle kernel paging request at virtual address fff00000f9b40000 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x07: level 3 translation fault Data abort info: ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 swapper pgtable: 4k pages, 52-bit VAs, pgdp=000000008ba16000 [fff00000f9b40000] pgd=180000013ffff403, p4d=180000013fffe403, pud=180000013f85b403, pmd=180000013f68d403, pte=0000000000000000 Internal error: Oops: 0000000096000007 [#1] SMP Modules linked in: CPU: 0 UID: 0 PID: 303 Comm: kworker/0:1 Not tainted 6.19.0-rc1-00002-gda407d200220 #34 PREEMPT Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022 Workqueue: kacpi_notify acpi_os_execute_deferred pstate: 214020c5 (nzCv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--) pc : hex_dump_to_buffer+0x30c/0x4a0 lr : hex_dump_to_buffer+0x328/0x4a0 sp : ffff800080e13880 x29: ffff800080e13880 x28: ffffac9aba86f6a8 x27: 0000000000000083 x26: fff00000f9b3fffc x25: 0000000000000004 x24: 0000000000000004 x23: ffff800080e13905 x22: 0000000000000010 x21: 0000000000000083 x20: 0000000000000001 x19: 0000000000000008 x18: 0000000000000010 x17: 0000000000000001 x16: 00000007c7f20fec x15: 0000000000000020 x14: 0000000000000008 x13: 0000000000081020 x12: 0000000000000008 x11: ffff800080e13905 x10: ffff800080e13988 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000001 x6 : 0000000000000020 x5 : 0000000000000030 x4 : 00000000fffffffe x3 : 0000000000000000 x2 : ffffac9aba78c1c8 x1 : ffffac9aba76d0a8 x0 : 0000000000000008 Call trace: hex_dump_to_buffer+0x30c/0x4a0 (P) print_hex_dump+0xac/0x170 cper_estatus_print_section+0x90c/0x968 cper_estatus_print+0xf0/0x158 __ghes_print_estatus+0xa0/0x148 ghes_proc+0x1bc/0x220 ghes_notify_hed+0x5c/0xb8 notifier_call_chain+0x78/0x148 blocking_notifier_call_chain+0x4c/0x80 acpi_hed_notify+0x28/0x40 acpi_ev_notify_dispatch+0x50/0x80 acpi_os_execute_deferred+0x24/0x48 process_one_work+0x15c/0x3b0 worker_thread+0x2d0/0x400 kthread+0x148/0x228 ret_from_fork+0x10/0x20 Code: 6b14033f 540001ad a94707e2 f100029f (b8747b44) ---[ end trace 0000000000000000 ]--- Prevent that by taking the actual allocated are into account when checking for CPER length. [ rjw: Subject tweaks ]
Publication Date	May 6, 2026, 9:16 p.m.
Registration Date	May 7, 2026, 4:09 a.m.
Last Update	May 9, 2026, 4:34 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	2.6.35			5.10.252
cpe:2.3:o:linux:linux_kernel::::::::	5.11			5.15.202
cpe:2.3:o:linux:linux_kernel::::::::	5.16			6.1.165
cpe:2.3:o:linux:linux_kernel::::::::	6.2			6.6.128
cpe:2.3:o:linux:linux_kernel::::::::	6.7			6.12.75
cpe:2.3:o:linux:linux_kernel::::::::	6.13			6.18.16
cpe:2.3:o:linux:linux_kernel::::::::	6.19			6.19.6

Related information, measures and tools

No	URL	refsource
1	https://git.kernel.org/stable/c/616c120dcdf1ce96edcd818e38bce49667f80689	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/6f5d41984ad896736c23e2fff7c80e15c1319132	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/92ba79074c58e65a6e32713758c5a9aecd33c2ea	416baaa9-dc9f-4396-8d5f-8c081fb06d67
4	https://git.kernel.org/stable/c/98bd9b28d4d11e6739ad86524b4be4ada9025e60	416baaa9-dc9f-4396-8d5f-8c081fb06d67
5	https://git.kernel.org/stable/c/b6be51a12441136fdf8c49b2525689fbea1856e1	416baaa9-dc9f-4396-8d5f-8c081fb06d67
6	https://git.kernel.org/stable/c/e0ec99115e135dbb58e11a0df007c7d4771d4a17	416baaa9-dc9f-4396-8d5f-8c081fb06d67
7	https://git.kernel.org/stable/c/f3740a1562445f36f08afab8af59e37117b3acdc	416baaa9-dc9f-4396-8d5f-8c081fb06d67
8	https://git.kernel.org/stable/c/fa2408a24f8f0db14d9cfc613ef162dc267d7ad4	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Common Vulnerabilities List