CVE-2026-45876

Summary

In the Linux kernel, the following vulnerability has been resolved:

arm64/gcs: Fix error handling in arch_set_shadow_stack_status()

alloc_gcs() returns an error-encoded pointer on failure, which comes from do_mmap(), not NULL.

The current NULL check fails to detect errors, which could lead to using an invalid GCS address.

Use IS_ERR_VALUE() to properly detect errors, consistent with the check in gcs_alloc_thread_stack().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb57180c75c7ebff6613886cb69ef6e283a10358b < c787a235deb33be6eda40beee8f561da5fd8cb8caffected
LinuxLinuxb57180c75c7ebff6613886cb69ef6e283a10358b < a4741114c9622346c4bbb8cc2bbd88153616ffafaffected
LinuxLinuxb57180c75c7ebff6613886cb69ef6e283a10358b < 53c998527ffa60f9deda8974a11ad39790684159affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.18.14 <= 6.18.*unaffected
LinuxLinux6.19.4 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References