CVE-2026-6862

Summary

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-674: Uncontrolled Recursion

Workarounds

Applications using efi_loadopt_is_valid() should validate the size of the input buffer before passing it to libefiboot. As a library-level fix, the device path iterator should enforce a minimum node Length of 4 before recursing:

if (dp->length < 4) return -1;

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References