Vulnerabilities

Report: CVE-2026-6862 - Efivar: efivar: denial of service due to stack overflow in device path node parsing

2026-04-22 0 views admin

CVE ID :CVE-2026-6862 Published : April 22, 2026, 2:17 p.m. | 58 minutes ago Description :A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS). Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-6862

Severity

MEDIUM

Published

April 22, 2026

Attack Vector: local

Impact: denial of service

🏷️ Tags

reportefivardenialservicestackoverflowdeviceparsingcvecve-2026-6862

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-6862 - Efivar: efivar: denial of service due to stack overflow in device path node parsing

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-31530 - cxl/port: Fix use after free of parent_port in cxl_detach_ep() - Full Analysis

Report: CVE-2026-31528 - perf: Make sure to use pmu_ctx->pmu for groups

Report: CVE-2026-31529 - cxl/region: Fix leakage in __construct_region() - Guide

Report: Complete Guide to CVE-2026-33602 - Off-by-one access when processing crafted UDP responses

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting