Description

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).

INFO

Published Date :

2026-04-22T13:45:45.503Z

Last Modified :

2026-04-22T14:28:14.132Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-6862 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
  • Openshift Container Platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-6862.

URL Resource
https://access.redhat.com/security/cve/CVE-2026-6862 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2459982 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-6862 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-6862 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact