SB20260528219 - Incorrect Calculation of Buffer Size in Linux kernel firmware efi driver
Published: May 28, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2026-45851)
CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper memory reservation in reserve_unaccepted() when handling an unaccepted memory table with an unaligned starting physical address. A local user can trigger the vulnerable code path to cause a denial of service.
The issue was observed when starting Intel TDX virtual machines with specific memory sizes, such as systems with more than 64 GB of memory.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0862438c90487e79822d5647f854977d50381505
- https://git.kernel.org/stable/c/9b18bf59977f5c5bc3b11b210520f62500a7adf3
- https://git.kernel.org/stable/c/b7bc182ec1846be437351e44164089d988f9d0dd
- https://git.kernel.org/stable/c/ba6b6f1502fa55621d1db23f253d54322bdbe4e0
- https://git.kernel.org/stable/c/e649b5916725c68f44ebf45fb396df563c5dbaf2