In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err->section_length and ctx_info->size Add checks to avoid that. With such changes, such GHESv2 records won't cause OOPSes like this: [ 1.492129] Internal error: Oops: 0000000096000005 [#1] SMP [ 1.495449] Modules linked in: [ 1.495820] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.18.0-rc1-00017-gabadcc3553dd-dirty #18 PREEMPT [ 1.496125] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 02/02/2022 [ 1.496433] Workqueue: kacpi_notify acpi_os_execute_deferred [ 1.496967] pstate: 814000c5 (Nzcv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1.497199] pc : log_arm_hw_error+0x5c/0x200 [ 1.497380] lr : ghes_handle_arm_hw_error+0x94/0x220 0xffff8000811c5324 is in log_arm_hw_error (../drivers/ras/ras.c:75). 70 err_info = (struct cper_arm_err_info *)(err + 1); 71 ctx_info = (struct cper_arm_ctx_info *)(err_info + err->err_info_num); 72 ctx_err = (u8 *)ctx_info; 73 74 for (n = 0; n < err->context_info_num; n++) { 75 sz = sizeof(struct cper_arm_ctx_info) + ctx_info->size; 76 ctx_info = (struct cper_arm_ctx_info *)((long)ctx_info + sz); 77 ctx_len += sz; 78 } 79 and similar ones while trying to access section_length on an error dump with too small size. [ rjw: Subject tweaks ]

• https://git.kernel.org/stable/c/136093ba4161e0080088abff48273f6830a47766
• https://git.kernel.org/stable/c/242c652849d979d0133c315a42d9acea0ff88390
• https://git.kernel.org/stable/c/87880af2d24e62a84ed19943dbdd524f097172f2
• https://git.kernel.org/stable/c/db103b8bd3a4aca69b1b5fe8831a6ed75ac4b3bd

• Linux » Linux Kernel » Version: 6.12.63
  cpe:2.3:o:linux:linux_kernel:6.12.63
• Linux » Linux Kernel » Version: 6.12.64
  cpe:2.3:o:linux:linux_kernel:6.12.64
• Linux » Linux Kernel » Version: 6.12.65
  cpe:2.3:o:linux:linux_kernel:6.12.65
• Linux » Linux Kernel » Version: 6.12.66
  cpe:2.3:o:linux:linux_kernel:6.12.66
• Linux » Linux Kernel » Version: 6.12.67
  cpe:2.3:o:linux:linux_kernel:6.12.67
• Linux » Linux Kernel » Version: 6.12.68
  cpe:2.3:o:linux:linux_kernel:6.12.68
• Linux » Linux Kernel » Version: 6.12.69
  cpe:2.3:o:linux:linux_kernel:6.12.69
• Linux » Linux Kernel » Version: 6.12.70
  cpe:2.3:o:linux:linux_kernel:6.12.70
• Linux » Linux Kernel » Version: 6.12.72
  cpe:2.3:o:linux:linux_kernel:6.12.72
• Linux » Linux Kernel » Version: 6.12.74
  cpe:2.3:o:linux:linux_kernel:6.12.74
• Linux » Linux Kernel » Version: 6.18.10
  cpe:2.3:o:linux:linux_kernel:6.18.10
• Linux » Linux Kernel » Version: 6.18.11
  cpe:2.3:o:linux:linux_kernel:6.18.11
• Linux » Linux Kernel » Version: 6.18.13
  cpe:2.3:o:linux:linux_kernel:6.18.13
• Linux » Linux Kernel » Version: 6.18.14
  cpe:2.3:o:linux:linux_kernel:6.18.14
• Linux » Linux Kernel » Version: 6.18.2
  cpe:2.3:o:linux:linux_kernel:6.18.2
• Linux » Linux Kernel » Version: 6.18.3
  cpe:2.3:o:linux:linux_kernel:6.18.3
• Linux » Linux Kernel » Version: 6.18.4
  cpe:2.3:o:linux:linux_kernel:6.18.4
• Linux » Linux Kernel » Version: 6.18.5
  cpe:2.3:o:linux:linux_kernel:6.18.5
• Linux » Linux Kernel » Version: 6.18.6
  cpe:2.3:o:linux:linux_kernel:6.18.6
• Linux » Linux Kernel » Version: 6.18.7
  cpe:2.3:o:linux:linux_kernel:6.18.7
• Linux » Linux Kernel » Version: 6.18.8
  cpe:2.3:o:linux:linux_kernel:6.18.8
• Linux » Linux Kernel » Version: 6.18.9
  cpe:2.3:o:linux:linux_kernel:6.18.9
• Linux » Linux Kernel » Version: 6.19
  cpe:2.3:o:linux:linux_kernel:6.19
• Linux » Linux Kernel » Version: 6.19.1
  cpe:2.3:o:linux:linux_kernel:6.19.1
• Linux » Linux Kernel » Version: 6.19.3
  cpe:2.3:o:linux:linux_kernel:6.19.3
• Linux » Linux Kernel » Version: 6.19.4
  cpe:2.3:o:linux:linux_kernel:6.19.4