CVE-2026-6862 in efivarthông tin

Tóm tắt

Bởi MITRE • 22/04/2026

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

Redhat

Đặt trước

22/04/2026

Tiết lộ

22/04/2026

Kiểm duyệt

được chấp nhận

mục

VDB-358961

CPE

sẵn sàng

CWE

CWE-674 (Đã xác nhận)

CVSS

5.5 (CNA)

EPSS

0.00019

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6862
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6862
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6862/

◂ Trước Tổng Quan Tiếp theo ▸

Want to know what is going to be exploited?

We predict KEV entries!