CVE-2026-43266 EFI/CPER: don't go past the ARM processor CPER record buffer

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

CVE-2025-40034

CVE-2025-40034 concerns the Linux kernel. A NULL pointer dereference could occur in aer_ratelimit() when a platform firmware-provided error (e.g., via APEI GHES) identifies a device that does not advertise an AER Capability, leaving dev->aer_info NULL. The issue existed because pci_dev_aer_sta...