CVE-2026-6862
mediumCVSS v3 Base Score
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 94% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
None
Integrity
None
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).
CWE
CWE-674Affected Products
Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4