CVE Catalog

CVE-2026-45876

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the arch_set_shadow_stack_status() function for ARM64 architecture. The alloc_gcs() function returns an error-encoded pointer on failure, not NULL. The previous NULL check failed to detect errors, which could lead to using an invalid GCS address.

Risk Assessment

The risk involves potential use of an invalid shadow stack (GCS) address, which could result in system crashes or potential security breaches through uncontrolled memory operations.

Recommendation

Immediately update the Linux kernel to a version containing the fix that uses IS_ERR_VALUE() to properly detect errors, consistent with the mechanism used in gcs_alloc_thread_stack().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: arm64/gcs: Fix error handling in arch_set_shadow_stack_status() alloc_gcs() returns an error-encoded pointer on failure, which comes from do_mmap(), not NULL. The current NULL check fails to detect errors, which could lead to using an invalid GCS address. Use IS_ERR_VALUE() to properly detect errors, consistent with the check in gcs_alloc_thread_stack().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS