Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

SUSE CVE-2026-43201

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-sectionlength and ctxinfo-size Add checks ...

SUSE CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

CVE-2026-43277

The CVE-2026-43277 issue affects the Linux kernel GHES/APEI path. The root cause is a mismatch between CPER-record length and the actual number of pages allocated when ghes_new() validates CPER data, enabling a bad firmware to cause an out-of-bounds write and a kernel OOPs/panic. Public descripti...

CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-sectionlength and ctxinfo-size Add checks ...

PT-2026-37541

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the APEI/GHES component where the system may attempt to access memory beyond allocated boundaries when the BIOS generates an incomplete or very small ARM Processor...

Linux Distros Unpatched Vulnerability : CVE-2026-43277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fixed an integer overflow in ghesestatuspoolinit The variable numghes was changed from int to unsigned int, preventing an overflow and causing subsequent vmalloc calls to fail. The overflow occurs in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988893)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988893 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int,...

CVE-2025-40034

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aerratelimit When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...

CVE-2025-40034 PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aerratelimit When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...

Linux Distros Unpatched Vulnerability : CVE-2025-40034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aerratelimit When platform firmware supplies erro...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987370)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987370 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int,...

DEBIAN-CVE-2022-49885

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...

UBUNTU-CVE-2022-49885

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...

CVE-2022-49885 ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...

MAL-2024-11108 Malicious code in sync-ghes-actions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6392f0dcc6aab8ef4f6f380e3278d8b439e146ff540bd1c9e5b445a71ee577cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a...

kernel: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...

CVE-2024-0200 Unsafe Reflection in Github Enterprise Server leading to Command Injection

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...