SB20260528219 - Incorrect Calculation of Buffer Size in Linux kernel firmware efi driver



SB20260528219 - Incorrect Calculation of Buffer Size in Linux kernel firmware efi driver

Published: May 28, 2026

Security Bulletin ID SB20260528219
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2026-45851)

CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper memory reservation in reserve_unaccepted() when handling an unaccepted memory table with an unaligned starting physical address. A local user can trigger the vulnerable code path to cause a denial of service.

The issue was observed when starting Intel TDX virtual machines with specific memory sizes, such as systems with more than 64 GB of memory.


Remediation

Install update from vendor's website.