CVE-2026-45876

Description

In the Linux kernel, the following vulnerability has been resolved: arm64/gcs: Fix error handling in arch_set_shadow_stack_status() alloc_gcs() returns an error-encoded pointer on failure, which comes from do_mmap(), not NULL. The current NULL check fails to detect errors, which could lead to using an invalid GCS address. Use IS_ERR_VALUE() to properly detect errors, consistent with the check in gcs_alloc_thread_stack().

References

Other References

https://git.kernel.org/stable/c/53c998527ffa60f9deda8974a11ad39790684159 https://git.kernel.org/stable/c/a4741114c9622346c4bbb8cc2bbd88153616ffaf https://git.kernel.org/stable/c/c787a235deb33be6eda40beee8f561da5fd8cb8c

Frequently Asked Questions

What is CVE-2026-45876? +

In the Linux kernel, the following vulnerability has been resolved: arm64/gcs: Fix error handling in arch_set_shadow_stack_status() alloc_gcs() returns an error-encoded pointer on failure, which comes from do_mmap(), not NULL. The current NULL check fails to detect errors, which could lead to using an invalid GCS address. Use IS_ERR_VALUE() to properly detect errors, consistent with the check in gcs_alloc_thread_stack().

How do I check if I'm vulnerable to CVE-2026-45876? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Description

References

Other References

Frequently Asked Questions

Don't wait for an exploit