Rjw

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An issue exists in the `cper print fw err()` function where the logic fails to verify if the error record length is sufficient to handle the offset. In cases of faulty firmware, if the offset exceeds the actual record, an underflow occurs during the `length -= offset` operation, potentially causing the system to dump the entire memory. This can lead to significant performance degradation due to large memory dumps, unauthorized data disclosure, or a system OOPS (a kernel panic) if an unmapped memory region is accessed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An issue exists in the APEI/GHES component where the `ghes new()` function fails to properly validate the size of CPER records. While the logic prevents allocating records larger than `GHES ESTATUS MAX SIZE` (64KB), the actual allocation is based on the number of pages from the CPER bios table location, which may be smaller. Consequently, malicious firmware could send data exceeding the allocated memory, leading to a kernel OOPS (a type of kernel panic or crash). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.