PatchSiren


CVE-2026-45876 Linux CVE debrief

A vulnerability in the Linux kernel's arm64 Guarded Control Stack (GCS) implementation has been resolved. The flaw existed in `arch_set_shadow_stack_status()` where error handling for `alloc_gcs()` was incorrect. The function returns an error-encoded pointer on failure (from `do_mmap()`), not NULL. The original NULL check failed to detect these errors, potentially leading to use of an invalid GCS address. The fix uses `IS_ERR_VALUE()` for proper error detection, consistent with error handling in `gcs_alloc_thread_stack()`. This vulnerability affects the arm64 architecture's shadow stack functionality, which is a security feature designed to protect return addresses from corruption.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux on arm64 architecture with Guarded Control Stack (GCS) enabled should prioritize this fix. System administrators maintaining arm64-based servers, cloud instances, or embedded systems using recent Linux kernels with shadow stack protections should apply updates. Security teams monitoring kernel-level vulnerabilities should track this as part of defense-in-depth for return-oriented programming (ROP) protection mechanisms.

Technical summary

The vulnerability is in the Linux kernel's arm64 Guarded Control Stack (GCS) implementation, specifically in `arch_set_shadow_stack_status()`. The function `alloc_gcs()` returns an error-encoded pointer (from `do_mmap()`) rather than NULL on failure. The original code checked for NULL, which would not catch allocation failures, potentially resulting in use of an invalid GCS address. The fix applies `IS_ERR_VALUE()` to properly detect error conditions, aligning with the error handling pattern used in `gcs_alloc_thread_stack()`. This ensures that GCS allocation failures are properly detected and handled rather than proceeding with an invalid address.
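The difference between the two checks can be seen in a small userspace model. This is an added example, not the kernel's code: `model_alloc_gcs()`, `enable_with_null_check()`, `enable_with_is_err_check()` and the sample address are hypothetical stand-ins, and `IS_ERR_VALUE()` is re-declared locally following the kernel's error-pointer convention.

```c
#include <errno.h>
#include <stdio.h>

/* Local copy of the kernel convention: the top MAX_ERRNO values of the
 * address range encode -errno rather than a usable address. */
#define MAX_ERRNO 4095UL
#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)

/* Hypothetical stand-in for alloc_gcs(): a mapped address on success,
 * -errno cast to unsigned long on failure. It never returns 0. */
static unsigned long model_alloc_gcs(int fail)
{
    if (fail)
        return (unsigned long)-ENOMEM;  /* error-encoded value */
    return 0x40000000UL;                /* constructed sample address */
}

/* Pre-fix pattern: only 0 counts as failure. Returns 0 when the caller
 * would go on to use addr as the GCS base, negative errno otherwise. */
static long enable_with_null_check(unsigned long addr)
{
    if (!addr)
        return -ENOMEM;
    return 0;
}

/* Post-fix pattern: error-encoded values are detected and propagated. */
static long enable_with_is_err_check(unsigned long addr)
{
    if (IS_ERR_VALUE(addr))
        return (long)addr;
    return 0;
}

int main(void)
{
    unsigned long bad = model_alloc_gcs(1);

    printf("failed allocation returned %#lx\n", bad);
    printf("NULL check result:         %ld (failure missed)\n",
           enable_with_null_check(bad));
    printf("IS_ERR_VALUE check result: %ld (failure reported)\n",
           enable_with_is_err_check(bad));
    return 0;
}
```
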

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant kernel patches from the stable tree commits once available for your distribution
  • Monitor Linux distribution security advisories for kernel updates addressing this issue
  • Verify that systems running arm64 with GCS enabled are updated to a patched kernel version
  • Review kernel logs for any GCS-related errors that may indicate prior failed allocations

Evidence notes

The vulnerability description indicates this is a resolved Linux kernel issue affecting arm64 GCS (Guarded Control Stack). The fix involves correcting error pointer handling in `arch_set_shadow_stack_status()`. Three kernel.org stable tree commits are referenced. The CVE was published and modified on 2026-05-27. No CVSS score or severity is currently assigned. The vulnerability is not listed in CISA KEV.

Official resources

2026-05-27