CVE-2026-45876 PUBLISHED

arm64/gcs: Fix error handling in arch_set_shadow_stack_status()

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

arm64/gcs: Fix error handling in arch_set_shadow_stack_status()

alloc_gcs() returns an error-encoded pointer on failure, which comes from do_mmap(), not NULL.

The current NULL check fails to detect errors, which could lead to using an invalid GCS address.

Use IS_ERR_VALUE() to properly detect errors, consistent with the check in gcs_alloc_thread_stack().

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from b57180c75c7ebff6613886cb69ef6e283a10358b to c787a235deb33be6eda40beee8f561da5fd8cb8c (excl.)
  • affected from b57180c75c7ebff6613886cb69ef6e283a10358b to a4741114c9622346c4bbb8cc2bbd88153616ffaf (excl.)
  • affected from b57180c75c7ebff6613886cb69ef6e283a10358b to 53c998527ffa60f9deda8974a11ad39790684159 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.13 is affected
  • unaffected from 0 to 6.13 (excl.)
  • unaffected from 6.18.14 to 6.18.* (incl.)
  • unaffected from 6.19.4 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References